diff options
Diffstat (limited to 'docs/sysadmin/pki/x509.md')
-rw-r--r-- | docs/sysadmin/pki/x509.md | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/docs/sysadmin/pki/x509.md b/docs/sysadmin/pki/x509.md index 13e9794..6b3424d 100644 --- a/docs/sysadmin/pki/x509.md +++ b/docs/sysadmin/pki/x509.md @@ -284,6 +284,23 @@ TODO ## Common Extensions +basicConstraints: Define whether the certificate is a CA or not, and optional +pathlen restrictions and name restrictions. Critical. + +keyUsage: Basic key usage like digitalSignature and cRLSign. + +extendedKeyUsage: Like serverAuth. + +crlDistributionPoints: URLs to the CRL of the issuer CA. + +authorityInformationAccess: URL to the issuer CA. + +subjectAlternativeName: Domain, DNS, etc. + +It is useful to use `openssl x509 -text -noout -in /path/to/cert` to check an +existing certificate and read through X.509 specifications for the extension in +interest. + ## ASN.1, Encoding, BER, DER, and PEM > Note that this it not part of the X.509 specification. |