Key usage
Key usage allows you to define the key usage extensions in the certificate.
Example JSON: Key usage
{
...
"extensions": {
"key_usage": {
"critical": true,
"allow_critical_override": true,
"required_usages": {
"rsa": [
"digital_signature"
],
"ecdsa": [
"digital_signature"
]
},
"optional_usages": {
"rsa": [
"non_repudiation",
"key_encipherment",
"data_encipherment"
],
"ecdsa": [
"non_repudiation",
"key_agreement"
]
}
}
}
} |
Parameters: Key usage
Name | Type | Req/Opt | Description |
|---|---|---|---|
key_usage | object | required | Key usage extension details. |
.. critical | boolean | optional | If true (default), the key usage extension is critical. If false, the key usage extension is not critical. |
.. allow_critical_override | boolean | optional | If true, the key usage critical setting can be changed in the certificate profile and certificate requests. If false (default), the key usage critical setting is set according to the certificate template definition. |
.. required_usage | object | optional | List of required key usages to be included in the certificate. |
.. .. rsa | array of strings | required | Define the required RSA key usages. Possible values:
|
.. .. ecdsa | array of strings | required | Define the required ECDSA key usages. Possible values:
Note: ECDSA allows you to include only one of these in a certificate: |
.. optional_usages | object | optional | List of optional key usages that can be included when selected in the certificate profile or provided in the certificate request. |
.. .. rsa | array of strings | required | Define the optional RSA key usages that may be included if allowed in the certificate profile. Possible values:
|
.. .. ecdsa | array of strings | required | Define the optional ECDSA key usages that may be included if allowed in the certificate profile. Possible values:
Note: ECDSA allows you to include only one of these in a certificate: |