Skip to main content

Certificate profile options

Certificate profiles allow you to do more with your certificates. Some options allow you to include an additional field in your certificate, while others allow you to include an additional x.509 extension.

Certificate profiles must be turned on for your account before you can use them. They are not part of the default CertCentral configuration. To enable a certificate profile for your account, reach out to your account representative or contact DigiCert support.

Supported certificate profiles

Once profiles are enabled for your account, these options appear on your SSL/TLS certificate request forms under Additional certificate options.

  • OCSP Must-Staple

    Allows you to include the OCSP Must-Staple extension in OV and EV SSL/TLS certificates.

    Browsers with support for OCSP must-staple may display a blocking interstitial to users accessing your site. Ensure your site is configured to properly serve stapled OCSP Responses before installing the certificate.

  • HTTP Signed Exchange

    Allows you to include the CanSignHTTPExchanges extension in an OV and EV SSL/TLS certificate.

    The HTTP Signed Exchange extension is under active development. There may be additional changes to the requirements as industry development continues.

  • Delegated Credentials

    Allows you to include the DelegationUsage extension in OV and EV SSL/TLS certificates.

    The Delegated Credentials for TLS extension is under active development within the Internet Engineering Task Force (IETF). There may be additional changes to the requirements as industry development continues.

  • Intel vPro EKU

    Allows you to include the Intel vPro EKU field in OV SSL/TLS certificates.

  • KDC/SmartCardLogon EKU

    Allows you to include the Kerberos Constrained Delegation (KDC) and SmartCardLogon EKUs (Extended Key Usage) in OV SSL/TLS certificates.