Ldapwiki: ExtendedKeyUsage

Overview#

ExtendedKeyUsage is a Certificate Extensions and consists of a list of usages indicating purposes for which the certificate public key can be used for.

These can either be object short names of the dotted numerical form of OIDs. While any OID can be used only certain values make sense. In particular the following PKIX, NS and MS values are meaningful: (Not an complete list)

OID	String	REF	Meaning
1.3.6.1.5.5.7.3.1	serverAuth	RFC 3280	SSL/TLS Web Server Authentication.
1.3.6.1.5.5.7.3.2	clientAuth	RFC 3280	SSL/TLS Web Client Authentication.
1.3.6.1.5.5.7.3.3	codeSigning	RFC 3280	Code signing.
1.3.6.1.5.5.7.3.4	emailProtection	RFC 3280	E-mail Protection (S/MIME).
1.3.6.1.5.5.7.3.5	ipsecEndSystem	RFC 3280	IP security end system
1.3.6.1.5.5.7.3.6	timeStamping	RFC 3280	IP security tunnel termination
1.3.6.1.5.5.7.3.7	timeStamping	RFC 3280	IP security user
1.3.6.1.5.5.7.3.8	timeStamping	RFC 3280	Trusted Timestamping
1.3.6.1.5.5.7.3.9	OCSPstamping	RFC 3280	OCSPstamping
1.3.6.1.4.1.311.2.1.21	msCodeInd	Microsoft	Microsoft Individual Code Signing (authenticode)
1.3.6.1.4.1.311.2.1.22	msCodeCom	Microsoft	Microsoft Commercial Code Signing (authenticode)
1.3.6.1.4.1.311.10.3.1	msCTLSign	Microsoft	Microsoft Trust List Signing
1.3.6.1.4.1.311.10.3.3	msSGC	Microsoft	Microsoft Server Gated Crypto
1.3.6.1.4.1.311.10.3.4	msEFS	Microsoft	Microsoft Encrypted File System
2.16.840.1.113730.4.1	nsSGC	Netscape	Netscape Server Gated Crypto

Examples:#

extendedKeyUsage=critical,codeSigning,1.2.3.4
extendedKeyUsage=nsSGC,msSGC

More Information#

There might be more information for this subject on one of the following:

[#1] - Object IDs associated with Microsoft cryptography - based on information obtained 2020-02-16

Active Sessions	54
Uptime	12d, 20h 4m 46s
Number of pages	16390

Overview#

Examples:#

More Information#

Lead Pages#

Donations#