Anatomy of an X.509 Certificate

A TLS server certificate, read top to bottom like a credential.

X.509 Certificate (v3)

  Subject: CN=www.example.com, O=Example Corp, C=US
  Subject Alternative Names: DNS:www.example.com, DNS:example.com
  Subject Public Key: ECDSA P-256, 02:7f:a3:... (compressed)
  Issuer: CN=Example Intermediate CA, O=Example Trust
  Validity: 2026-04-25 to 2027-04-25 (one year)
  Serial Number: 0x4d3e:f2a1:88c0:1234
  Key Usage: Digital Signature, Key Encipherment
  Extended Key Usage: TLS Server Authentication
  Issuer's signature: 30:45:02:21:00... (ECDSA over all fields above)

Server's private key: kept on the server, never transmitted, not in this certificate; paired with the public key above.
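The pairing between the server's private key and the public key in the certificate, and the issuer's signature over the certificate fields, can be checked with the openssl CLI. This is an added example, not part of the original page: all keys and certificates are constructed on the spot, the file and function names are hypothetical, and the issuer is self-signed here to keep the run short (the page's issuer is an intermediate CA).

```sh
#!/bin/sh
# Added example: every key and certificate here is constructed in a temp directory.
W=$(mktemp -d)

# Self-contained configs, so the run does not depend on the system openssl.cnf.
cat > "$W/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Trust
CN = Example Intermediate CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF
cat > "$W/leaf.ext" <<'EOF'
subjectAltName = DNS:www.example.com, DNS:example.com
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF

# Issuer key pair and issuer certificate (self-signed here only to keep the demo short).
openssl ecparam -name prime256v1 -genkey -noout -out "$W/ca.key"
openssl req -new -x509 -key "$W/ca.key" -config "$W/ca.cnf" -days 365 -out "$W/ca.pem"

# Server key pair; only the CSR (public key + subject) is handed to the issuer.
openssl ecparam -name prime256v1 -genkey -noout -out "$W/leaf.key"
openssl req -new -key "$W/leaf.key" -config "$W/ca.cnf" \
  -subj "/C=US/O=Example Corp/CN=www.example.com" -out "$W/leaf.csr"
openssl x509 -req -in "$W/leaf.csr" -CA "$W/ca.pem" -CAkey "$W/ca.key" -CAcreateserial \
  -days 365 -extfile "$W/leaf.ext" -out "$W/leaf.pem" 2>/dev/null

# True when the certificate's public key is the public half of the given private key.
key_matches_cert() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}
# True when the certificate file carries private key material (it should not).
cert_has_private_key() { grep -q "PRIVATE KEY" "$1"; }
# True when the issuer's signature over the certificate fields verifies.
issuer_signature_ok() { openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; }

openssl x509 -in "$W/leaf.pem" -noout -subject -issuer -dates
key_matches_cert "$W/leaf.pem" "$W/leaf.key" && echo "certificate key pairs with server private key"
cert_has_private_key "$W/leaf.pem" || echo "no private key inside the certificate"
issuer_signature_ok "$W/leaf.pem" "$W/ca.pem" && echo "issuer signature verifies"
```

Running `openssl x509 -in "$W/leaf.pem" -noout -text` on the result prints the same fields listed above, in the same order.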