3 PKIX Certificates

3.1  Introduction to Certificates

Certificates were originally defined by ITU (CCITT) and the latest definitions are described in X.509, but those definitions are (as always) not working.

Working certificate definitions for the Internet Community are found in the the PKIX RFCs rfc3279 and rfc3280. The parsing of certificates in the Erlang/OTP SSL application is based on those RFCS.

Certificates are defined in terms of ASN.1 (X.680). For an introduction to ASN.1 see ASN.1 Information Site.

3.2  PKIX Certificates

Certificate handling is now handled by the public_key application.

DER encoded certificates returned by ssl:peercert/1 can for example be decoded by the public_key:pkix_decode_cert/2 function.