From 722f9869c282af2c4e27f95deb8f232d106ae46d Mon Sep 17 00:00:00 2001 From: Yuuta Liang Date: Thu, 9 Nov 2023 09:02:12 +0800 Subject: Add missing common extensions --- docs/sysadmin/pki/x509.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/docs/sysadmin/pki/x509.md b/docs/sysadmin/pki/x509.md index 13e9794..6b3424d 100644 --- a/docs/sysadmin/pki/x509.md +++ b/docs/sysadmin/pki/x509.md @@ -284,6 +284,23 @@ TODO ## Common Extensions +basicConstraints: Define whether the certificate is a CA or not, and optional +pathlen restrictions and name restrictions. Critical. + +keyUsage: Basic key usage like digitalSignature and cRLSign. + +extendedKeyUsage: Like serverAuth. + +crlDistributionPoints: URLs to the CRL of the issuer CA. + +authorityInformationAccess: URL to the issuer CA. + +subjectAlternativeName: Domain, DNS, etc. + +It is useful to use `openssl x509 -text -noout -in /path/to/cert` to check an +existing certificate and read through X.509 specifications for the extension in +interest. + ## ASN.1, Encoding, BER, DER, and PEM > Note that this it not part of the X.509 specification. -- cgit v1.2.3
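Review bot: The basicConstraints entry says it carries "name restrictions", but that extension only holds the CA flag and the optional pathlen limit; name restrictions belong to the separate nameConstraints extension, so a reader following this text would look for them in the wrong place. Suggest rewording to "basicConstraints: Define whether the certificate is a CA or not, and an optional pathlen restriction. Critical." and adding a nameConstraints entry of its own if it is meant to be covered. In the same hunk, "URL to the issuer CA" for authorityInformationAccess is vague: it would help to say that it points to where the issuer's certificate can be fetched and, commonly, to the OCSP responder. "Domain, DNS, etc." for subjectAlternativeName names the same thing twice; listing DNS names, IP addresses and email addresses would be clearer. Minor wording: "the extension in interest" should read "the extension of interest".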