Internet X.509 Public Key Infrastructure Certificate and CRL Profile
D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk · 2008-05
Abstract
This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of the approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms.
Why This RFC Matters
RFC 5280 is the foundational specification for the public key infrastructure (PKI) that underpins HTTPS trust on the Internet. Every TLS certificate issued by a Certificate Authority and validated by a browser or operating system must conform to the field encodings, extension semantics, name validation rules, and path-building algorithms defined here. The profile constrains the enormously complex ASN.1 X.509 standard into a practical subset with well-defined behavior, enabling interoperability between browsers, servers, CAs, and OCSP responders across the entire public web PKI ecosystem.