Skip to main content

Basic constraints

The basic constraints parameter allows you to define the basic constraints extensions.

Example JSON: Basic constraints

Includes basic constraints in the certificate
{ ... "extensions": { "basic_constraints": { "include": "yes", "ca": true "path_length": 2 } } }
Do not include basic constraints in the certificate
{ ... "extensions": { "basic_constraints": { "include": "no" } } }

Parameters: Basic constraints

Name	Type	Req/Opt	Description
basic_constraints	object	optional	Basic constraint details
.. include	string	optional	Define if basic constraints are included in the certificate. Possible values: `yes` (default): include basic constraints in the certificate `no`: do not include basic constraints in the certificate
.. ca	boolean	optional	If false, the certificate is not a certificate authority (CA) certificate. If true, the certificate is a CA certificate. If set to true: CA certificate must have this feature enabled on it and must be a private issuer CA certificate The `key_usage` extension will be set automatically, so the certificate template must not include any `key_usage` values. Any `key_usage` value included in the certificate template will cause the certificate template to be rejected.
.. path_length	integer	optional	Sets the pathLenConstraint in the ≥`basic_constraints`. Only use if `ca` is set to true. If `ca` is set to false, this value is ignored. Possible values: 0 (default): include the field and set path length to zero -1:exclude the field from the certificate and do not set path length > 0: include the field in the certificate and set the path length to an integer greater than 0

In this section: