The X509Certificate class represents an X.509 certificate. This class defines X.509 properties specified in RFC2459. After you make a successful call to SecureSocket.connect(), the server's certificate data is stored as an X509Certificate instance in the SecureSocket.serverCertificate property.

Use this class to examine a server certificate after establishing a secure socket connection. The properties in this class provide access to the most used attributes of an X.509 certificate. If you must access other parts of a server certificate (for example, its extensions), the complete certificate is available in the encoded property. The certificate stored in the encoded property is DER-encoded.

See also:


read onlyencoded:ByteArray

Provides the whole certificate in encoded form. Client code can decode this value to process certificate extensions. X.509 certificate extensions are not represented in the other properties in this class. Decoding the encoded property is the only way to access a certificate's extensions.

read onlyissuer:X500DistinguishedName

Provides the issuer's Distinguished Name (DN).

read onlyissuerUniqueID:String

Provides the issuer's unique identifier.

read onlyserialNumber:String

Provides the serial number of the certificate as a hexadecimal string. The issuer assigns this number, and the number is unique within the issuer's list of issued certificates.

read onlysignatureAlgorithmOID:String

Provides the signature algorithm Object Identifier (OID).

read onlysignatureAlgorithmParams:ByteArray

Provides the signature algorithm's parameters. If there are no signature algorithm parameters, this value is set to null.

read onlysubject:X500DistinguishedName

Provides the subject's Distinguished Name (DN).

read onlysubjectPublicKey:String

Provides the subject's public key.

read onlysubjectPublicKeyAlgorithmOID:String

Provides the algorithm OID for the subject's public key.

read onlysubjectUniqueID:String

Provides the subject's unique identifier.

read onlyvalidNotAfter:Date

Indicates the date on which the certificate's validity period ends.

read onlyvalidNotBefore:Date

Indicates the date on which the certificate's validity period begins.

read onlyversion:UInt

Provides the version number of the certificate format. This property indicates whether the certificate has extensions, a unique identifier, or only the basic fields.

  • version = 2: Indicates X.509 Version 3 - Extensions are present
  • version = 1: Indicates X.509 Version 2 - Extensions are not present, but a unique identifier is present.
  • version = null: Indicates X.509 Version 1 - Only the basic certificate fields are present