RFC 5280 — Internet X.509 Public Key Infrastructure Certificate and CRL Profile by node

This document profiles the X.509 v3 certificate and CRL for the Internet. A certificate binds a public key to an identity through a CA's signature; this profile defines the fields, extensions, and validation rules that make a chain of certificates a basis for trust.