jspωiki
ExtendedKeyUsage

Overview#

ExtendedKeyUsage is a Certificate Extensions and consists of a list of usages indicating purposes for which the certificate public key can be used for.

These can either be object short names of the dotted numerical form of OIDs. While any OID can be used only certain values make sense. In particular the following PKIX, NS and MS values are meaningful: (Not an complete list)

OIDStringREFMeaning
1.3.6.1.5.5.7.3.1serverAuthRFC 3280SSL/TLS Web Server Authentication.
1.3.6.1.5.5.7.3.2clientAuthRFC 3280SSL/TLS Web Client Authentication.
1.3.6.1.5.5.7.3.3codeSigningRFC 3280Code signing.
1.3.6.1.5.5.7.3.4emailProtectionRFC 3280E-mail Protection (S/MIME).
1.3.6.1.5.5.7.3.5ipsecEndSystemRFC 3280IP security end system
1.3.6.1.5.5.7.3.6timeStampingRFC 3280IP security tunnel termination
1.3.6.1.5.5.7.3.7timeStampingRFC 3280IP security user
1.3.6.1.5.5.7.3.8timeStampingRFC 3280Trusted Timestamping
1.3.6.1.5.5.7.3.9OCSPstampingRFC 3280OCSPstamping
1.3.6.1.4.1.311.2.1.21msCodeIndMicrosoftMicrosoft Individual Code Signing (authenticode)
1.3.6.1.4.1.311.2.1.22msCodeComMicrosoftMicrosoft Commercial Code Signing (authenticode)
1.3.6.1.4.1.311.10.3.1msCTLSignMicrosoftMicrosoft Trust List Signing
1.3.6.1.4.1.311.10.3.3msSGCMicrosoftMicrosoft Server Gated Crypto
1.3.6.1.4.1.311.10.3.4msEFSMicrosoftMicrosoft Encrypted File System
2.16.840.1.113730.4.1nsSGCNetscapeNetscape Server Gated Crypto

Examples:#

extendedKeyUsage=critical,codeSigning,1.2.3.4
extendedKeyUsage=nsSGC,msSGC

More Information#

There might be more information for this subject on one of the following: