About
extensions are key values that are part of a certificate.
They are also known as the X509v3 extensions because they are defined in the x509 certificate format.
Most Known
The most known and extension are:
- the Basic Constraint 1) determines if the certificate is a ca certificate or not and the maximum chain depth validation
- the keyUsage that determines the principal usage
- the extended keyUsage that determines the purpose of the usage
- the Subject Alternative Name that determines the DNS name if the certificat is used for a server
To know more about the extensions, you can read the section 4.2 of the specification or the openssl documentation
How to see the extensions ?
- with portcle
- With Openssl x509 2)
openssl x509 -in cert.pem -noout -text # the whole cert
openssl x509 -in cert.pem -noout -ext subjectAltName,nsCertType # only a subset