The X.509 protocols include a structure for public-key certificates. A CA assigns a unique name to each user and issues a signed certificate containing this name and the user's public key. The following diagram shows an X.509 certificate.
[Figure: X.509 Certificate]
These are the meanings for each field.
| Field | Meaning |
| --- | --- |
| Version | Identifies the certificate format. |
| Serial Number | Is unique to the CA. |
| Algorithm Identifier | Identifies the algorithm used to sign the certificate, together with any necessary parameters. |
| Issuer | The name of the CA. |
| Period of Validity | A pair of dates. The certificate is valid during the time period between the two. |
| Subject | The name of the user. |
| Subject's Public Key | Contains the public key algorithm name, any necessary parameters, and the public key. |
| Signature | The CA's signature. |
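
To show where these fields sit in the encoded certificate, the following added example (not part of the original page) walks the DER structure with a small pure-Python reader and returns each field from the table. The function names and the sample certificate are constructed for illustration; the sample uses placeholder key and signature bytes, and the algorithm is reported as the hex of its DER-encoded OID.

```python
from datetime import datetime, timezone

def tlv(tag, body):  # DER-encode one element; only used to build the constructed sample
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def children(buf):
    """Split DER bytes into (tag, body) elements; single-byte tags only."""
    out, pos = [], 0
    while pos < len(buf):
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        if pos + n > len(buf):
            raise ValueError("truncated DER element")
        out.append((tag, buf[pos:pos + n]))
        pos += n
    return out

def when(tag, body):  # UTCTime (tag 0x17) has a 2-digit year, GeneralizedTime has 4
    s = body.decode()
    if tag == 0x17:
        s = ("19" if s[:2] >= "50" else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def name(body):  # a Name is SEQUENCE of SET of SEQUENCE {OID, value}; keep the values
    return [children(atv)[1][1].decode() for _, rdn in children(body) for _, atv in children(rdn)]

def parse_certificate(der):
    tbs, sig_alg, signature = [v for _, v in children(children(der)[0][1])]
    f = children(tbs)
    version = children(f.pop(0)[1])[0][1][0] + 1 if f[0][0] == 0xA0 else 1  # no [0]: v1
    not_before, not_after = [when(t, v) for t, v in children(f[3][1])]
    return {"version": version, "serial": int.from_bytes(f[0][1], "big"),
            "algorithm_oid": children(f[1][1])[0][1].hex(), "issuer": name(f[2][1]),
            "not_before": not_before, "not_after": not_after, "subject": name(f[4][1]),
            "public_key_info": f[5][1], "signature": signature[1:],
            "algorithms_match": sig_alg == f[1][1]}  # outer and signed copies must agree

def sample():  # constructed certificate: placeholder key and signature, not a real one
    alg = lambda oid: tlv(0x30, tlv(0x06, bytes.fromhex(oid)) + tlv(0x05, b""))
    cn = lambda s: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, s))))
    validity = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z"))
    spki = tlv(0x30, alg("2a864886f70d010101") + tlv(0x03, b"\x00" + b"\xAA" * 16))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x10\x01") + alg("2a864886f70d01010b")
              + cn(b"Example CA") + validity + cn(b"alice") + spki)
    return tlv(0x30, tbs + alg("2a864886f70d01010b") + tlv(0x03, b"\x00" + b"\xBB" * 200))
```

The Algorithm Identifier appears twice in the encoding, once inside the signed portion and once beside the signature; `algorithms_match` reports whether the two copies agree.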