B.3. Standard X.509 v3 Certificate Extension Reference
0x2
(which corresponds to version 3).
Example B.4. Sample Pretty-Print Certificate Extensions
Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE" Validity: Not Before: Fri Feb 22 19:06:56 2019 Not After : Tue Feb 22 19:06:56 2039 Subject: "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: dd:6d:ad:02:10:43:12:ad:ec:6c:10:82:b3:bc:ec:6d: 4b:e9:46:bc:a3:19:63:15:86:cf:6d:62:43:92:6b:a6: 3d:72:54:4b:4f:d5:ad:a9:1d:76:8d:1c:e9:15:24:10: a1:03:1e:1b:14:5e:08:0a:0f:5b:02:aa:e9:3f:85:e1: d4:a6:01:1e:58:ab:7b:f2:67:32:f4:95:3d:35:9c:76: 3a:cb:3b:ef:e3:7d:32:04:bb:35:46:68:bd:21:0c:16: b6:63:aa:e7:bb:cd:0f:55:66:21:09:e6:a6:f7:4c:fd: af:c8:a6:d1:98:03:aa:89:b8:76:e7:dd:df:2b:23:c5: b3:06:16:1d:4a:13:8b:0b:56:0c:d5:a2:9a:22:5e:7d: 08:af:e4:bf:a0:f6:28:ee:ae:0f:2c:b2:4d:2a:09:5b: 6f:32:2e:05:3a:3b:92:5d:d6:1d:69:95:09:0d:f4:b8: 52:ac:48:0f:a8:4f:0a:22:1b:01:4c:d2:79:89:e0:bc: cd:1c:84:f8:88:e6:92:16:ed:08:ad:6d:9c:17:8d:70: 92:bd:18:74:1a:31:5f:9b:f7:eb:f7:6e:f8:9a:e6:37: fe:7a:c6:07:9b:8a:6c:e8:5b:77:7c:37:e0:66:39:72: 62:5d:5d:d0:65:a2:d9:b0:7f:d3:ba:ed:4b:42:89:47 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Key ID: 88:fb:c7:45:a8:b8:e9:74:ab:71:a2:ab:ce:4e:26:b9: a5:97:dc:05 Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Certificate Signing CRL Signing Name: Certificate Subject Key ID Data: 88:fb:c7:45:a8:b8:e9:74:ab:71:a2:ab:ce:4e:26:b9: a5:97:dc:05 Name: Authority Information Access Method: PKIX Online Certificate Status Protocol Location: URI: "http://localhost.localdomain:8080/ca/ocsp" Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 6b:ed:d8:2b:de:40:a4:14:dd:e8:ce:52:2d:40:0a:f1: 88:57:36:3b:7f:c4:e8:77:2b:95:e9:60:fd:57:9b:c2: 2d:17:a2:67:4e:c0:23:00:7a:2c:ef:5f:12:13:05:cc: 9e:d7:4f:70:55:68:88:eb:29:34:94:cd:59:a6:92:31: c6:36:74:dd:e5:a2:1f:b1:9e:6d:f0:41:95:c2:7f:4c: 38:46:62:d9:f3:27:f4:a3:a7:f3:a2:ba:1c:e5:77:4a: d3:2d:50:10:47:03:2e:4f:f2:ef:75:92:36:d8:99:6d: f6:ef:f5:ee:17:70:c2:e0:c1:a1:26:fa:00:e2:ec:35: d5:11:4d:df:66:8d:3c:84:fa:72:ff:47:a5:95:08:c2: 80:e6:19:60:ab:51:d6:f1:aa:ac:72:77:d0:01:97:1f: 13:f0:c9:55:09:4d:d9:62:5b:bc:4a:21:5a:af:77:cb: 4e:cf:48:aa:3d:fc:f6:5e:c8:e2:e0:e3:58:58:40:39: 2b:9c:15:d3:65:62:d0:96:1b:35:3f:6e:35:96:ae:36: c2:6c:2b:46:e8:a3:d3:52:21:f0:47:5a:73:5e:1a:b0: 99:2f:5d:1b:bc:a1:81:65:68:16:08:e8:3e:2f:5e:32: 79:ca:8e:25:e5:78:a1:fc:cd:c0:b3:aa:83:02:18:43 Fingerprint (SHA-256): 2B:2F:05:59:12:F7:A4:6D:DE:22:43:82:59:EC:9F:45:AD:6C:1E:0A:63:6B:79:57:B1:34:3E:1B:BA:D2:13:AC Fingerprint (SHA1): E1:87:42:85:AF:07:6C:B2:5F:07:CB:50:4D:49:17:AB:43:99:31:F7 Mozilla-CA-Policy: false (attribute missing) Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags:
Netscape Certificate Comment
is 2.16.840.1.113730.1.13. The OID assigned to this extension is hierarchical and includes the former Netscape company arc, 2.16.840.1
. The OID definition entry is http://www.alvestrand.no/objectid/2.16.840.1.113730.1.13.html.
B.3.1. authorityInfoAccess
accessMethod
and an accessLocation
field. accessMethod
specifies by OID the type and format of information about the issuer named in accessLocation
.
accessMethod
(id-ad-caIssuers
) to get a list of CAs that have issued certificates higher in the CA chain than the issuer of the certificate using the extension. The accessLocation
field then typically contains a URL indicating the location and protocol (LDAP, HTTP, or FTP) used to retrieve the list.
id-ad-ocsp
) for using OCSP to verify certificates. The accessLocation
field then contains a URL indicating the location and protocol used to access an OCSP responder that can validate the certificate.
1.3.6.1.5.5.7.1.1
This extension must be noncritical.
B.3.2. authorityKeyIdentifier
- An explicit key identifier, set in the
keyIdentifier
field - An issuer, set in the
authorityCertIssuer
field, and serial number, set in theauthorityCertSerialNumber
field, identifying a certificate
keyIdentifier
field exists, it is used to select the certificate with a matching subjectKeyIdentifier
extension. If the authorityCertIssuer
and authorityCertSerialNumber
fields are present, then they are used to identify the correct certificate by issuer
and serialNumber
.
authorityCertIssuer
and authorityCertSerialNumber
fields be specified. These fields permit construction of a complete certificate chain by matching the SubjectName
and CertificateSerialNumber
fields in the issuer's certificate against the authortiyCertIssuer
and authorityCertSerialNumber
in the Authority Key Identifier extension of the subject certificate.
2.5.29.35
This extension is always noncritical and is always evaluated.
B.3.3. basicConstraints
cA
component should be set to true
for all CA certificates. PKIX recommends that this extension should not appear in end-entity certificates.
pathLenConstraint
component is present, its value must be greater than the number of CA certificates that have been processed so far, starting with the end-entity certificate and moving up the chain. If pathLenConstraint
is omitted, then all of the higher level CA certificates in the chain must not include this component when the extension is present.
2.5.29.19
PKIX Part 1 requires that this extension be marked critical. This extension is evaluated regardless of its criticality.
B.3.4. certificatePoliciesExt
2.5.29.32
This extension may be critical or noncritical.
B.3.5. CRLDistributionPoints
DistributionPointName
with a type set to URI, the URI is assumed to be a pointer to the current CRL for the specified revocation reasons and will be issued by the named cRLIssuer
. The expected values for the URI are those defined for the Subject Alternative Name extension. If the distributionPoint
omits reasons, the CRL must include revocations for all reasons. If the distributionPoint
omits cRLIssuer
, the CRL must be issued by the CA that issued the certificate.
2.5.29.31
PKIX recommends that this extension be marked noncritical and that it be supported for all certificates.
B.3.6. extKeyUsage
Important
OCSP Signing
in an OCSP responder's certificate unless the CA signing key that signed the certificates validated by the responder is also the OCSP signing key. The OCSP responder's certificate must be issued directly by the CA that signs certificates the responder will validate.
2.5.29.37
If this extension is marked critical, the certificate must be used for one of the indicated purposes only. If it is not marked critical, it is treated as an advisory field that may be used to identify keys but does not restrict the use of the certificate to the indicated purposes.
Use | OID |
---|---|
Server authentication | 1.3.6.1.5.5.7.3.1 |
Client authentication | 1.3.6.1.5.5.7.3.2 |
Code signing | 1.3.6.1.5.5.7.3.3 |
1.3.6.1.5.5.7.3.4 | |
Timestamping | 1.3.6.1.5.5.7.3.8 |
OCSP Signing |
1.3.6.1.5.5.7.3.9[a]
|
[a]
OCSP Signing is not defined in PKIX Part 1, but in RFC 2560, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP.
|
Use | OID |
---|---|
Certificate trust list signing | 1.3.6.1.4.1.311.10.3.1 |
Microsoft Server Gated Crypto (SGC) | 1.3.6.1.4.1.311.10.3.3 |
Microsoft Encrypted File System | 1.3.6.1.4.1.311.10.3.4 |
Netscape SGC | 2.16.840.1.113730.4.1 |
B.3.7. issuerAltName Extension
2.5.29.18
PKIX Part 1 recommends that this extension be marked noncritical.
B.3.8. keyUsage
Important
digitalSignature
(0
) for TLS client certificates, S/MIME signing certificates, and object-signing certificates.nonRepudiation
(1
) for some S/MIME signing certificates and object-signing certificates.Warning
Use of this bit is controversial. Carefully consider the legal consequences of its use before setting it for any certificate.keyEncipherment
(2
) for TLS server certificates and S/MIME encryption certificates.dataEncipherment
(3
) when the subject's public key is used to encrypt user data instead of key material.keyAgreement
(4
) when the subject's public key is used for key agreement.keyCertSign
(5
) for all CA signing certificates.cRLSign
(6
) for CA signing certificates that are used to sign CRLs.encipherOnly
(7
) if the public key is used only for enciphering data. If this bit is set,keyAgreement
should also be set.decipherOnly
(8
) if the public key is used only for deciphering data. If this bit is set,keyAgreement
should also be set.
keyUsage
extension is present and marked critical, then it is used to enforce the usage of the certificate and key. The extension is used to limit the usage of a key; if the extension is not present or not critical, all types of usage are allowed.
keyUsage
extension is present, critical or not, it is used to select from multiple certificates for a given operation. For example, it is used to distinguish separate signing and encryption certificates for users who have separate certificates and key pairs for operations.
2.5.29.15
This extension may be critical or noncritical. PKIX Part 1 recommends that it should be marked critical if it is used.
Purpose of Certificate | Required Key Usage Bit |
---|---|
CA Signing |
|
TLS Client | digitalSignature |
TLS Server | keyEncipherment |
S/MIME Signing | digitalSignature |
S/MIME Encryption | keyEncipherment |
Certificate Signing | keyCertSign |
Object Signing | digitalSignature |
B.3.9. nameConstraints
2.5.29.30
PKIX Part 1 requires that this extension be marked critical.
B.3.10. OCSPNocheck
OCSPNocheck
should be issued with short lifetimes and be renewed frequently.
1.3.6.1.5.5.7.48.4
This extension should be noncritical.
B.3.11. policyConstraints
2.5.29.36
This extension may be critical or noncritical.
B.3.12. policyMappings
2.5.29.33
This extension must be noncritical.
B.3.13. privateKeyUsagePeriod
Note
2.5.29.16
B.3.14. subjectAltName
EmailAddress
attribute defined by PKCS #9. Software that supports S/MIME must be able to read an email address from either the Subject Alternative Name extension or from the subject name field.
2.5.29.17
If the certificate's subject field is empty, this extension must be marked critical.
B.3.15. subjectDirectoryAttributes
2.5.29.9
PKIX Part 1 requires that this extension be marked noncritical.
B.3.16. subjectKeyIdentifier
subjectPublicKey
, as recommended by PKIX. The Subject Key Identifier extension is used in conjunction with the Authority Key Identifier extension for CA certificates. If the CA certificate has a Subject Key Identifier extension, the key identifier in the Authority Key Identifier extension of the certificate being verified should match the key identifier of the CA's Subject Key Identifier extension. It is not necessary for the verifier to recompute the key identifier in this case.
2.5.29.14
This extension is always noncritical.