A certificate authority has to follow the X509 standards, when creating digital certificates for organizations. These standards were established which specify which types of items must be contained in each and every digital certificate. The standards also tell CAs the correct placement of these items within each certificate. In addition, there is built-in flexibility allowed for optional items, which are not required, but which give organizations the ability to include them when desired.
There Can Be Exceptions to Using X509 Standards
There are certain cases where an organization does not have to follow X509 standards when creating digital certificates. These exceptions are typical when the organization is using a special certificate type in-house internally. They may decide to use their own certificate design when they are testing encryption and security of different forms of data. These types of certificates are not meant to be shared outside of the organization or with the general public.