Certificates - Extensions (X509v3 extensions)

Certificate Validity Period Not Before Not After Portecle


extensions are key values that are part of a certificate.

They are also known as the X509v3 extensions because they are defined in the x509 certificate format.

Most Known

The most known and extension are:

To know more about the extensions, you can read the section 4.2 of the specification or the openssl documentation

How to see the extensions ?

Protecle Certificate Extensions

  • With Openssl x509 2)
openssl x509 -in cert.pem -noout -text # the whole cert
openssl x509 -in cert.pem -noout -ext subjectAltName,nsCertType # only a subset

Discover More
Certificate Validity Period Not Before Not After Portecle
CA Certificate

A CA certificate is a certificate used by a certificate authority to sign certificate. In the chain, it's the Root certificate or the intermediate certificates. Most organizations create an intermediate...
Certificate Validity Period Not Before Not After Portecle
Identification Material - Certificate (or Public Key Certificate)

A certificate is a document which permits to define with certainty the owner of the private key (ensures that the party you are communicating with is whom you think.) because it's digitally signed A certificate...
Certification Chain Path Chrome Dev
Root Certificate

A root certificate is a CA certificate that is located at the top of the certificate chain. A root ca is a certificate authority certificate that is self signed. This example shows you how to create...
Certificate Usage
What are the possible usages of a cryptographic certificate?

A certificate may have one or more several usages. This articles list them and show you how to discover the usage also known as certificat purpose. extensions A certificate can be used for one or...
Public Key Crypto Pair Key Creation
What is a client certificate authentication ? (SSL/TLS Web)

Client certificate authentication is a certification based authentication mechanism where the client identifies itself to the server by sending a signed certificate. The server just needs to verify the...

Share this page:
Follow us:
Task Runner