This memo profiles the X.509 v3 certificate and X.509 v2 certificate
revocation list (CRL) for use in the Internet. An overview of this
approach and model is provided as an introduction. The X.509 v3
certificate format is described in detail, with additional
information regarding the format and semantics of Internet name
forms. Standard certificate extensions are described and two
Internet-specific extensions are defined. A set of required
certificate extensions is specified. The X.509 v2 CRL format is
described in detail along with standard and Internet-specific
extensions. An algorithm for X.509 certification path validation is
described. An ASN.1 module and examples are provided in the
appendices.