
Certificate profile options

Certificate profiles enable additional X.509 extension fields on SSL/TLS certificate request forms in CertCentral. When DigiCert enables a profile option for your account, the option appears under Additional certificate options on the request form.

Contact your DigiCert account representative or DigiCert support to enable certificate profile options for your account.

OCSP Must-Staple

Includes the OCSP Must-Staple extension in the certificate. Available for OV and EV SSL/TLS certificates only.

Notice

Browsers that support OCSP Must-Staple may display a blocking interstitial to users accessing your site if the OCSP response is not properly stapled during the TLS handshake. Configure your server to staple the OCSP response before installing the certificate.
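
One way to run the pre-install check described in the notice above, as an added example that is not DigiCert's own tooling: it reads the text output of `openssl x509 -noout -text` and `openssl s_client -status` and reports whether installing the certificate would leave clients without a staple. The function names and the SAMPLE_* texts are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-install check for a Must-Staple certificate.
# The SAMPLE_* texts are constructed excerpts of openssl output.

# stdin: `openssl x509 -noout -text`. Exit 0 if the TLS Feature
# extension lists status_request (OCSP Must-Staple).
cert_requires_staple() {
  awk '/TLS Feature:/ { if (/status_request/) found = 1; f = 1; next }
       f && /status_request/ { found = 1 }
       { f = 0 }
       END { exit !found }'
}

# stdin: `openssl s_client -status`. Exit 0 if a stapled response
# was sent, is successful, and reports the certificate as good.
handshake_has_good_staple() {
  awk '/OCSP Response Status: successful/ { s = 1 }
       /Cert Status: good/ { g = 1 }
       END { exit !(s && g) }'
}

# $1 = certificate text, $2 = handshake text.
# Prints: not-required | ok | would-block
staple_verdict() {
  if ! printf '%s\n' "$1" | cert_requires_staple; then echo not-required
  elif printf '%s\n' "$2" | handshake_has_good_staple; then echo ok
  else echo would-block
  fi
}

# Live use (needs network): $1 = new cert PEM file, $2 = server host name.
check_host() {
  staple_verdict "$(openssl x509 -in "$1" -noout -text)" \
    "$(openssl s_client -connect "$2:443" -servername "$2" -status \
         </dev/null 2>/dev/null || true)"
}

SAMPLE_CERT_MUST_STAPLE='        X509v3 extensions:
            TLS Feature: 
                status_request'
SAMPLE_CERT_PLAIN='        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE'
SAMPLE_HS_NO_STAPLE='OCSP response: no response sent'
SAMPLE_HS_STAPLED='OCSP response: 
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: good'
```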

HTTP Signed Exchange (SXG)

Adds the CanSignHTTPExchanges extension to the certificate. Available for OV and EV SSL/TLS certificates only. This feature is under active development and requirements may change.

Delegated credentials

Includes the DelegationUsage extension in the certificate. Available for OV and EV SSL/TLS certificates only. This feature is in active IETF development and specifications may change.

Intel vPro EKU

Adds the Intel vPro extended key usage field to the certificate. Available for OV SSL/TLS certificates only.

KDC/SmartCardLogon EKU

Includes the Kerberos Constrained Delegation (KDC) and SmartCardLogon extended key usage fields in the certificate. Available for OV SSL/TLS certificates only.

What's next

Configure ICA certificate chain selection to select the preferred intermediate CA chain for public TLS/SSL certificates.