Certificate profile options

Certificate profiles allow you to do more with your certificates. Some options allow you to include an additional field in your certificate, while others allow you include in an additional x.509 extension.

These certificate profiles must be turned on for your account. They are not part of the default CertCentral configuration. To enable a certificate profile for your account, reach out to your account representative or contact our Support team.

Supported certificate profiles

If enabled for your account, these profile options appear on your SSL/TLS certificate request forms under Additional Certificate Options.

  • Intel vPro EKU
    Allows you to include the Intel vPro EKU field in an OV SSL/TLS certificate.
  • KDC/SmartCardLogon EKU
    Allows you to include the Kerberos Constrained Delegation (KDC) and SmartCardLogon EKUs (Extended Key Usage) in an OV SSL/TLS certificate.
  • OCSP Must-Staple
    Allows you to include the OCSP Must-Staple extension in OV and EV SSL/TLS certificates.
    Browsers with support for OCSP must-staple may display a blocking interstitial to users accessing your site. Ensure that your site is configured to properly and robustly serve stapled OCSP Responses before installing the certificate.
  • HTTP Signed Exchange
    Allows you to include the CanSignHTTPExchanges extension in an OV and EV SSL/TLS certificate.
    The HTTP Signed Exchange extension is under active development. There may be additional changes to the requirements as industry development continues.
  • Delegated Credentials
    Allows you to include the DelegationUsage extension in OV and EV SSL/TLS certificates.
    The Delegated Credentials for TLS extension is under active development within the Internet Engineering Task Force (IETF). There may be additional changes to the requirements as industry development continues.

Related topics: