Appendix C: X.509 v3 Extensions¶
The X.509 v3 format defines a set of extensions for certificates, certificate signing requests (CSR), and certificate revocation lists (CRL). [RFC 5280#section-4.2]
Such extensions:
Define type and purpose of a certificate, CSR, or CRL.
Define restrictions on the applicability of a certificate or CRL.
Provide pointers to issuer and revocation information for a certificate or CRL.
The most commonly encountered extensions are discussed below:
keyUsage¶
MUST be present in all certificates and CSRs. Always critical.
CA certificates use keyCertSign and cRLSign. User certificates use
digitalSignature and keyEncipherment.
basicConstraints¶
MUST be present in all certificates. MAY be present in CSRs. Critical in CA certificates.
The extension has two values:
CAwhich is a boolean value set to TRUE for CA certificates and FALSE for user certificates. Always present [1].pathlenwhich is an integer value defining the number of CAs allowed below the CA carrying the extension. MAY be present in non-root CA certificates.
Footnotes
extendedKeyUsage (EKU)¶
MAY be present in non-root certificates and CSRs [2]. Critical or not depending on purpose.
Together with keyUsage and basicConstraints this extension
controls how a certificate may be used.
Defined purposes are: emailProtection, serverAuth, clientAuth,
codeSigning, timeStamping, and OCSPSigning.
The latter three MUST be marked critical in user certificates.
Footnotes
subjectKeyIdentifier¶
MUST be present in all certificates and CSRs. Never critical.
Key ID derived from the hash of the subject’s public key.
subjectInfoAccess (SIA)¶
MAY be present in all certificates and CSRs. Never critical.
The extension has two values:
caRepositorypoints to cross-certificates issued by the CA in the certificate subject.timeStampingpoints to a time-stamping service offered by the certificate subject.
crlDistributionPoints¶
MAY be present in non-root certificates. Never critical.
Points to the CRL issued by the CA that has issued the certificate.
subjectAltName (SAN)¶
MAY be present in all certificates and CSRs. Critical if subject DN is empty.
Contains names associated with the certificate’s subject, that can or should not be part of the DN. This includes Internet domain names, email addresses, and URIs.
issuerAltName (IAN)¶
MAY be present in all certificates and CRLs. Never critical.
Contains names associated with the certificate’s issuer, that can or should not be part of the DN. This includes Internet domain names, email addresses, and URIs.
nameConstraints¶
MAY be present in CA certificates and cross-certificates. SHOULD be marked critical.
Defines a namespace within which all subsequent subject names in the certificate path must reside.
Self-signed root certificates are not considered in the name validation process unless the certificate is the final certificate in the path.
certificatePolicies¶
MAY be present in non-root certificates. SHOULD be marked critical.
Certificate policies are labels attached to the certificate path. To be valid, a policy must be present in every certificate along the path to the root CA. A policy has no meaning outside of what the PKI-owner wants it to mean. The extension SHOULD be marked critical, but usually isn’t out of compatibility concerns.
Self-signed root certificates are not considered in the policy validation process and never have a certificatePolicies extension.
policyMappings¶
MAY be present in cross-certificates. SHOULD be marked critical.
Provides a way to map certificate policies between PKIs. The extension SHOULD be marked critical, but usually isn’t out of compatibility concerns.