X.509

X.509 is an International Telecommunication Union (ITU) standard defining the format of public key certificates.

X.509 certificates are used in many Internet protocols, including Transport Layer Security (TLS)/Secure Sockets Layer (SSL), which is the basis for HyperText Transfer Protocol Secure (HTTPS), the secure protocol for browsing the web. They are also used in offline applications, like electronic signatures.

An X.509 certificate binds an identity to a public key using a digital signature. A certificate contains an identity (a hostname, or an organization, or an individual) and a public key (Rivest–Shamir–Adleman (RSA), Digital Signature Algorithm (DSA), Elliptic Curve Digital Signature Algorithm (ECDSA), etc.), and is either signed by a certificate authority or is self-signed. When a certificate is signed by a trusted certificate authority, or validated by other means, someone holding that certificate can use the public key it contains to establish secure communications with another party, or validate documents digitally signed by the corresponding private key.

X.509 also defines certificate revocation lists, which are a means to distribute information about certificates that have been deemed invalid by a signing authority, as well as a certification path validation algorithm, which allows for certificates to be signed by intermediate certificate authority (CA) certificates, which are, in turn, signed by other certificates, eventually reaching a trust anchor.

© Bounded Infinity 2025