jspωiki
Certificate Key Usage

Overview#

Extended Key Usage.#

This extensions consists of a list of usages indicating purposes for which the Certificate Public Key can be used for.

These can either be object short names of the dotted numerical form of OIDs. While any OID can be used only certain values make sense. In particular the following PKIX, NS and MS values are meaningful: (Not an complete list)

ValueMeaning
serverAuthSSL/TLS Web Server Authentication.
clientAuthSSL/TLS Web Client Authentication.
codeSigningCode signing.
emailProtectionE-mail Protection (S/MIME).
timeStampingTrusted Timestamping
msCodeIndMicrosoft Individual Code Signing (authenticode)
msCodeComMicrosoft Commercial Code Signing (authenticode)
msCTLSignMicrosoft Trust List Signing
msSGCMicrosoft Server Gated Crypto
msEFSMicrosoft Encrypted File System
nsSGCNetscape Server Gated Crypto

Examples:#

extendedKeyUsage=critical,codeSigning,1.2.3.4
extendedKeyUsage=nsSGC,msSGC

More Information#

There might be more information for this subject on one of the following: