Skip to main content

Extended key usages

Extended key usage allows you to define the extended key usage extensions in the certificate.

Example JSON: Extended key usage

{
  ...
  "extensions": {
    "extended_key_usage": {
      "critical": true,
      "allow_critical_override": true,
      "include": "yes",
      "required_usages": [
        "client_authentication"
      ],
      "optional_usages": [
        "server_authentication",
        "code_signing",
        "email_protection",
        "smart_card_logon"
      ]
    }
  }
}

Parameters: Extended key usage

Name	Type	Req/Opt	Description
extended_key_usage	object	required	Extended key usage details
.. critical	boolean	optional	If true (default), the extended key usage extension is critical. If false, the extended key usage extension is not critical.
.. allow_critical_override	boolean	optional	If true, the extended key usage critical setting can be changed in the certificate profile and certificate requests. If false (default), the extended key usage critical setting is set according to the certificate template definition.
.. include	string	optional	Define if the extended key usage must be included in the certificate. Possible values: `yes` (default): include extended key usage in the certificate `no`: exclude extended key usage from certificate
.. required_usages	array of strings	optional	Define the extended key usages that must be included in the certificate. Possible values: `client_authentication` `server_authentication` `code_signing` `email_protection` `smart_card_logon`
.. optional_usages	array of strings	optional	Define the extended key usages that may be included if allowed in the certificate profile. Possible values: `client_authentication` `server_authentication` `code_signing` `email_protection` `smart_card_logon`

Nesta secção:

Was this helpful?