Certificate extensions
Extensions provide additional context for a certificate.
Some of the more common extension types include the following:
- Subject key identifier
-
Holds a unique identifier for the certificate, which is generally derived from the certificate’s public key.
- Authority key identifier
-
Holds the subject key identifier for the issuer certificate. This extension type helps to identify the issuer certificate, especially when presented with an incomplete certificate chain.
- Subject alternative name
-
Holds a list of ways that clients are expected to reference a server when establishing a connection to it.
Clients must take this information into account when deciding whether to trust a server’s certificate.
The most common types of values include DNS names, IP addresses, and URIs. DNS names must be fully qualified, but can optionally use an asterisk in the leftmost component to match any single name in that component. For example,
*.example.com
could matchwww.example.com
orldap.example.com
, but would not matchldap.east.example.com
orexample.com
. - Key usage
-
Provides information about the manner in which the certificate is expected to be used. The following key usages are allowed:
digitalSignature
-
Indicates that the certificate can be used for digitally signing data, excluding certificates and certificate revocation lists (CRL).
nonRepudiation
-
Indicates that the certificate can be used to prevent denying the authenticity of a message.
nonRepudiation
is also known ascontentCommitment
. keyEncipherment
-
Indicates that the certificate can be used to protect encryption keys, such as symmetric keys that are derived during TLS key agreement.
dataEncipherment
-
Indicates that the certificate can be used for encrypting data directly.
keyAgreement
-
Indicates that the certificate’s public key can be used for key agreement, such as deriving the symmetric key that protects TLS communication.
keyCertSign
-
Indicates that the certificate can act as a certification authority and be used for signing other certificates.
cRLSign
-
Indicates that the certificate can be used to sign CRLs.
encipherOnly
-
When used in conjunction with
keyEncipherment
, indicates that the public key can be used only for encrypting data during key agreement. decipherOnly
-
When used in conjunction with
keyEncipherment
, indicates that the public key can be used only for decrypting data during key agreement.
- Extended key usage
-
Acts as an alternative to the key usage extension and provides additional high-level functionality. The following extended key usages are allowed:
serverAuth
-
Indicates that the server can present the certificate to the client during TLS negotiation.
clientAuth
-
Indicates that the client can present the certificate to the server during TLS negotiation.
codeSigning
-
Indicates that the certificate can be used to sign source and compiled code.
emailProtection
-
Indicates that the certificate can be used to sign or encrypt email messages.
timeStamping
-
Indicates that the certificate can be used to assert the time that an event occurred.
ocspSigning
-
Indicates that the certificate can be used to sign an online certificate status protocol (OCSP) response.
- Basic constraints
-
Indicates whether the certificate can act as a certification authority and, if so, the maximum number of intermediate certificates that can follow it in a certificate chain.