# Certificate Overview
The **Certificate** module provides APIs for X.509 certificate operations. You can use the APIs to implement quick development.

## Basic Concepts

A digital certificate provides a method of digitally verifying the identity of a user, device, or service. X.509 is an international standard format public key certificates that securely associate cryptographic key pairs with identifies such as websites, individuals, or organizations. The crypto framework provides the following capabilities:

- X.509 certificate capabilities: parsing and serializing X.509 certificates, verifying X.509 certificate signatures, and querying certificate information.
- X.509 certificate revocation list (CRL) capabilities: parsing, serializing, and querying the X.509 CRL.
- Certificate chain validator capabilities: verifying the certificate chain (excluding the certificate validity period) and querying certificate chain algorithms.

## Constraints

- Multi-thread concurrent operations are not supported.

### Certificate Specifications

- Certificate chain verification

  The certificate chain validator does not verify the certificate validity period because the system time on the device is untrusted. To check the validity period of a certificate, use **checkValidityWithDate()** of the **X509Cert** class.

- Certificate formats
  
  Currently, only the certificates in DER and PEM formats are supported.