Certificate extensions
Extensions provide additional context for a certificate.
There are several types of extensions, but the most common include the following.

| Extension | Description |
|---|---|
| Subject key identifier | Holds a unique identifier for the certificate, which is generally derived from the certificate’s public key. |
| Authority key identifier | Holds the subject key identifier for the issuer certificate. It can help identify the issuer certificate, especially when presented with an incomplete certificate chain. |
| Subject alternative name | Holds a list of ways that clients are expected to reference a server when establishing a connection to it. Clients should take this information into account when deciding whether to trust a server’s certificate. There are several types of values, but the most common are DNS names, IP addresses, and URIs. |
| Key usage | Provides information about the way in which the certificate is expected to be used. Allowed key usages include: |
| Extended key usage | Acts as an alternative to the key usage extension and provides additional high-level functionality. Allowed extended key usages include: |
| Basic constraints | Indicates whether the certificate can act as a certification authority and, if so, the maximum number of intermediate certificates that might appear beneath it in a certificate chain. |