1# Certificate Overview 2The **Certificate** module provides APIs for X.509 certificate operations. You can use the APIs to implement quick development. 3 4## Basic Concepts 5 6A digital certificate provides a method of digitally verifying the identity of a user, device, or service. X.509 is an international standard format public key certificates that securely associate cryptographic key pairs with identifies such as websites, individuals, or organizations. The crypto framework provides the following capabilities: 7 8- X.509 certificate capabilities: parsing and serializing X.509 certificates, verifying X.509 certificate signatures, and querying certificate information. 9- X.509 certificate revocation list (CRL) capabilities: parsing, serializing, and querying the X.509 CRL. 10- Certificate chain validator capabilities: verifying the certificate chain (excluding the certificate validity period) and querying certificate chain algorithms. 11 12## Constraints 13 14- Multi-thread concurrent operations are not supported. 15 16### Certificate Specifications 17 18- Certificate chain verification 19 20 The certificate chain validator does not verify the certificate validity period because the system time on the device is untrusted. To check the validity period of a certificate, use **checkValidityWithDate()** of the **X509Cert** class. 21 22- Certificate formats 23 24 Currently, only the certificates in DER and PEM formats are supported. 25