An X.509 certificate usually contains information about the certificate holder, the signer, a unique serial number, expiration dates and some other fields [RFC3280], as shown in the table below.
- version
- serialNumber
- issuer
- validity
- subject
- extensions
The certificate's subject or issuer name is not just a single string. It is a Distinguished Name, which in ASN.1 notation is a sequence of several object identifiers (OIDs) with their corresponding values. Some of the available OIDs for use in an X.509 distinguished name are defined in gnutls/x509.h.
The Version field in a certificate holds the value 1 for version 1 certificates or 3 for version 3 certificates. Version 1 certificates do not support the extensions field, so it is not possible to distinguish a CA from a person; their usage should therefore be avoided.
The validity dates indicate the date on which the specific certificate was activated and the date after which the certificate's key is considered invalid.
Certificate extensions are there to include information about the certificate's subject that did not fit in the typical certificate fields. Those may be e-mail addresses, flags that indicate whether the certificate belongs to a CA, etc. All the supported X.509 version 3 extensions are shown in the table below.
- subject key id (2.5.29.14)
- authority key id (2.5.29.35)
- subject alternative name (2.5.29.17)
- key usage (2.5.29.15)
- extended key usage (2.5.29.37)
- basic constraints (2.5.29.19)
- CRL distribution points (2.5.29.31)
In GnuTLS the X.509 certificate structures are handled using the gnutls_x509_crt_t type and the corresponding private keys with the gnutls_x509_privkey_t type. All the available functions for X.509 certificate handling have their prototypes in gnutls/x509.h. An example program to demonstrate the X.509 parsing capabilities can be found at section ex:x509-info.