Certificates - Extensions (X509v3 extensions)

Certificates - Extensions (X509v3 extensions)

About

extensions are key values that are part of a certificate.

They are also known as the X509v3 extensions because they are defined in the x509 certificate format.

Most Known

The most known and extension are:

the Basic Constraint ¹⁾ determines if the certificate is a ca certificate or not and the maximum chain depth validation
the keyUsage that determines the principal usage
the extended keyUsage that determines the purpose of the usage
the Subject Alternative Name that determines the DNS name if the certificat is used for a server

To know more about the extensions, you can read the section 4.2 of the specification or the openssl documentation

How to see the extensions ?

with portcle

With Openssl x509 ²⁾

openssl x509 -in cert.pem -noout -text # the whole cert
openssl x509 -in cert.pem -noout -ext subjectAltName,nsCertType # only a subset

¹⁾

Basic Constraints Specification

²⁾

openssl-x509

Recommended Pages

CA Certificate

A CA certificate is a certificate used by a certificate authority to sign certificate. In the chain, it's the Root certificate or the intermediate certificates. Most organizations create an intermed "...

Identification Material - Certificate (or Public Key Certificate)

A certificate is a document which permits to define with certainty the owner of the private key (ensures that the party you are communicating with is whom you think.) because it's digitally signed A c "...

Root Certificate

A root certificate is a CA certificate that is located at the top of the certificate chain. A root ca is a certificate authority certificate that is self signed. Example: Root CA to sign client cert "...

What are the possible Certificate Usages ?

A certificate may have one or more several usages. This articles list them and shows you how to discover the usage also known as certificat purpose. extensions List Key Usage A certificate can be used "...

What is a client certificate authentication ? (SSL/TLS Web)

Client certificate authentication is a certification based authentication mechanism where the client identifies itself to the server by sending a signed certificate. The server just needs to verify t "...

Share this page: