author | Yuuta Liang <yuuta@yuuta.moe> | 2023-11-09 09:02:12 +0800 |
---|---|---|
committer | Yuuta Liang <yuuta@yuuta.moe> | 2023-11-09 09:02:12 +0800 |
commit | 722f9869c282af2c4e27f95deb8f232d106ae46d (patch) | |
tree | 232c6a60e2d189377b455d431045a1609959cce2 | |
parent | c0ce201952c6fb6806bab98e694eea8285a8037e (diff) | |
Add missing common extensions
-rw-r--r-- | docs/sysadmin/pki/x509.md | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/docs/sysadmin/pki/x509.md b/docs/sysadmin/pki/x509.md index 13e9794..6b3424d 100644 --- a/docs/sysadmin/pki/x509.md +++ b/docs/sysadmin/pki/x509.md @@ -284,6 +284,23 @@ TODO ## Common Extensions +basicConstraints: Define whether the certificate is a CA or not, and optional +pathlen restrictions and name restrictions. Critical. + +keyUsage: Basic key usage like digitalSignature and cRLSign. + +extendedKeyUsage: Like serverAuth. + +crlDistributionPoints: URLs to the CRL of the issuer CA. + +authorityInformationAccess: URL to the issuer CA. + +subjectAlternativeName: Domain, DNS, etc. + +It is useful to use `openssl x509 -text -noout -in /path/to/cert` to check an +existing certificate and read through X.509 specifications for the extension in +interest. + ## ASN.1, Encoding, BER, DER, and PEM > Note that this it not part of the X.509 specification. |
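Review bot: In the basicConstraints entry, "name restrictions" does not belong. basicConstraints carries only the CA flag and the optional pathlen; name restrictions are the separate nameConstraints extension, so either drop the phrase or give nameConstraints its own entry. The bare "Critical." is also too absolute: RFC 5280 requires the extension to be critical in CA certificates used to validate certificate signatures, but allows either setting in end-entity certificates. In the authorityInformationAccess entry, "URL to the issuer CA" would be clearer if it named what the extension actually points to, the caIssuers URL for the issuer certificate and the OCSP responder URL. Minor wording: "Domain, DNS, etc." lists the same name type twice, and "extension in interest" should read "extension of interest".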