X.509 certificates, also referred to as public key certificates, digital certificates, or certificates, are used in a wide variety of applications. These digital certificates provide a method to verify the identity of an organization, are a component of a secure communications channel, and deliver authorization information based on these capabilities. As utilized on the Internet, the certificate is an electronic document that uses a digital signature to bind a public key to an identity. Information such as the name of an organization and its address is included in the certificate. In a public key infrastructure (PKI) system, the digital signature is provided by a Certificate Authority (CA) that issues the certificate. The signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together.
A common use of certificates is for https-based web sites. When a user accesses an https-based site, the browser validates that an SSL web server is authentic, providing the user with the confidence that the interactions with the web site will be secure, for example, that the web site is authentic and that their data transactions are encrypted. In order to obtain a digital certificate, a web site operator applies to a CA using a certificate signing request (CSR). The certificate request is an electronic document that contains the web site name, contact email address, company information, and other information. The CA digitally signs the public key from the request, thus producing a public certificate. This public certificate is served to any browser that connects to the web site and provides validation to the browser that the provider believes it has issued a certificate to the owner of the web site. Before issuing a digital certificate, the CA will execute rigorous processes to authenticate and verify the identity of the requester.
X.509 certificates are defined by the Telecommunication Standardization Sector (ITU-T) of the International Telecommunication Union (ITU) as part of the Directory (X.500) series. Additional description related to the structure of X.509 digital certificates may be found in RFC 5280, which is located at http://www.ietf.org/rfc/rfc5280.txt.
The structure of an X.509 v3 digital certificate is as follows:

    Certificate
        Version
        Serial Number
        Algorithm ID
        Issuer
        Validity
            notBefore
            notAfter
        Subject
        Subject Public Key Info
            Public Key Algorithm
            Subject Public Key
        Issuer Unique Identifier (Optional)
        Subject Unique Identifier (Optional)
        Extensions (Optional)
            . . .
    Certificate Signature Algorithm
    Certificate Signature
Certificates are issued by a Certificate Authority (CA), for example, the present assignee. The certificate validity period is the time interval during which the CA warrants that it will maintain information about the status of the certificate. The field is represented as a SEQUENCE of two dates: the date on which the certificate validity period begins (notBefore); and the date on which the certificate validity period ends (notAfter). Both notBefore and notAfter may be encoded as UTCTime or GeneralizedTime.
Pursuant to RFC 5280, CAs encode certificate validity dates through the year 2049 as UTCTime. Certificate validity dates in 2050 or later are encoded as GeneralizedTime. Conforming applications are able to process validity dates that are encoded in either UTCTime or GeneralizedTime. The validity period for a certificate is the period of time from notBefore through notAfter, inclusive.
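The following Python sketch is an added example, not part of the original text: it decodes a DER-encoded Validity SEQUENCE whose dates use either UTCTime or GeneralizedTime and applies the inclusive notBefore/notAfter check. The function names and the sample bytes are constructed for illustration, and the two-digit-year rule shown is the one RFC 5280 gives for UTCTime.

```python
from datetime import datetime, timezone

UTC_TIME, GENERALIZED_TIME, SEQUENCE = 0x17, 0x18, 0x30  # DER tag bytes

# Constructed sample Validity: notBefore as UTCTime (2024-01-01),
# notAfter as GeneralizedTime (2050-01-01). Not taken from a real certificate.
SAMPLE_VALIDITY = (bytes([0x30, 0x20, 0x17, 0x0D]) + b"240101000000Z"
                   + bytes([0x18, 0x0F]) + b"20500101000000Z")

def read_tlv(buf, pos):
    """Read one DER tag-length-value; a Validity field only needs short lengths."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated DER or unexpected long-form length")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("value runs past end of buffer")
    return buf[pos], buf[pos + 2:end], end

def decode_time(tag, value):
    """Decode UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    text = value.decode("ascii")
    if tag == UTC_TIME and len(text) == 13 and text.endswith("Z"):
        yy = int(text[:2])
        # RFC 5280: YY >= 50 is read as 19YY, YY < 50 as 20YY.
        year, rest = (1900 + yy if yy >= 50 else 2000 + yy), text[2:-1]
    elif tag == GENERALIZED_TIME and len(text) == 15 and text.endswith("Z"):
        year, rest = int(text[:4]), text[4:-1]
    else:
        raise ValueError("not a UTCTime or GeneralizedTime in RFC 5280 form")
    stamp = datetime.strptime(f"{year:04d}{rest}", "%Y%m%d%H%M%S")
    return stamp.replace(tzinfo=timezone.utc)

def parse_validity(der):
    """Return (notBefore, notAfter) from a DER Validity SEQUENCE."""
    tag, body, end = read_tlv(der, 0)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("expected exactly one Validity SEQUENCE")
    t1, v1, pos = read_tlv(body, 0)
    t2, v2, pos = read_tlv(body, pos)
    if pos != len(body):
        raise ValueError("unexpected data after notAfter")
    return decode_time(t1, v1), decode_time(t2, v2)

def is_within_validity(der, when):
    """True if 'when' lies in the period notBefore through notAfter, inclusive."""
    not_before, not_after = parse_validity(der)
    return not_before <= when <= not_after
```

Because a UTCTime year of 50 or above is read as 19YY, a validity date in 2050 or later can only be represented as GeneralizedTime, which is why the encoding changes at that year.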
Despite the benefits available through the use of digital certificates, there is a need in the art for improved methods and systems related to the use of digital certificates.