Serial number, the serial number of the certificate issued by the same certification body is unique.
Algorithm identifier signature algorithm, including the identification information of the necessary parameter issuer certification authority.
term of validity
Identity information of the principal certificate holder
The public key of the subject public key certificate holder.
Signature The signature of the certificate authority on the certificate.
Format of Certificates Certificates issued by the Certification Center all follow the X.509 V3 standard, and the basic format is as follows:
Certificate format version number.
Meaning: used to specify the version number of X.509 used in the certificate format.
Certificate serial number (certificate serial number)
Meaning: Used to specify the unique serial number of the certificate to identify all public key certificates issued by CA.
Signature algorithm identifier (algorithm identifier)
Meaning: Used to specify the signature algorithm used by CA when issuing certificates.
The name (issuer) of the CA that issued this certificate.
Meaning: used to specify the X.500 unique name (DN, distinguished name) of the CA that issued the certificate.
Certificate validity start date (not earlier than) end date (not later than)
Meaning: used to specify the start date and end date of the certificate.
User Name (Subject)
Meaning: used to specify the X.500 unique name (DN) of the certificate user.
User public key information algorithm identifier user public key.
Meaning: the algorithm used to identify the use of public keys, including the public key itself.
Certificate extension (extension)
Meaning: used to specify additional information.
The extended part (extended domain) of X.509 V3 certificate and its implementation method are as follows:
Authorization key identifier of the CA.
Public key identifier (set to unused)
Certificate Issuer The issuer of a certificate.
The serial number of the certificate issued by the certificate issuer (certificate serial number)
The extended part (extended domain) of the X.509 V3 certificate and the authorization key identifier that implements the CA.
Public key identifier (set to unused)
Certificate serial number (certificate serial number) of the issuer certificate.
Meaning: The unique identification of the key pair used by CA to sign the certificate. The subject key identifier of the user.
Meaning: used to identify the specific key related to the public key in the decryption certificate.
Usage of public key in certificate.
Meaning: used to specify the purpose of the public key.
User's private key lifetime start date (before attention) and end date (after attention).
Meaning: used to specify the start date and end date of the private key signed by the user.
List of certifiCAte policies recognized by ca.
Meaning: used to specify the policy applicable to the user certificate, and the certificate policy can be represented by the object identifier.
Alternate name of the user.
Meaning: used to specify the user's alias.
Alternate name of CA (Issuer Alternate Name)
Meaning: used to specify the alias of CA.
Basic constraint (basic constraint)
Meaning: used to indicate whether the certificate user is the end user or the CA. In the SET system, some private extensions (extended domains) have the meaning of hash root key: they are only used in the root certificate and used for backtracking when the certificate is updated.
Certificate Type (Certificate Type)
Meaning: Used to distinguish different entities. This item is required.
Merchant data (merchant data)
Meaning: It contains all merchant information required by the payment gateway.
Cardholder certificate is required (card certificate is required)
Meaning: Shows whether the payment gateway supports cardholder's transaction without certificate.
Set Extension (Set Extension)
Meaning: It lists the collection information extensions of payment commands supported by the payment gateway.
CRL data definition version (version)
Meaning: Displays the version number of the CRL.
Issuer of CRL
Meaning: Indicates the distinguished name of the CA that issued the CRL.
CRL release time (this update) Estimated next CRL update time (next update) Revocation certificate information directory (CRL extension) CA's public key identifier (authorization key identifier) CRL number (CRL number).