The most important standard for PKI's is X.509, which defines the format and content of digital certificates and how to validate them. It is an International Telecommunications Union (ITU) Recommendation, published as ITU-T X.509 and ISO/IEC/ITU 9594-8.

Standards are still evolving, and different companies have implemented it in different ways. For example, Netscape and Microsoft both use X.509 certificates in their Web servers and browsers, but an X.509 certificate created by Netscape may not be readable by Microsoft products, and vice versa.