SSL Server Certificate Extensions - dogtagpki/pki GitHub Wiki

To display SSL server certificate extensions:

$ pki-server cert-export sslserver --cert-file sslserver.crt
$ openssl x509 -text -noout -in sslserver.crt
...
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:F8:1E:0E:C5:94:6C:FC:2E:5A:38:7A:D9:6E:8E:97:73:E2:EA:A3:3C

            Authority Information Access:
                OCSP - URI:http://pki.example.com:8080/ca/ocsp

            X509v3 Key Usage: critical
                ...
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:pki.example.com
...

For server certificate with an RSA key, it will have the following key usages:

            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Data Encipherment

For server certificate with an ECC key, it will have the following key usages:

            X509v3 Key Usage: critical
                Digital Signature, Data Encipherment, Key Agreement

See also:

Tip
 To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.
⚠️ **GitHub.com Fallback** ⚠️