Subsystem Certificate Extensions - dogtagpki/pki GitHub Wiki
To display subsystem certificate extensions:
$ pki-server cert-export subsystem --cert-file subsystem.crt $ openssl x509 -text -noout -in subsystem.crt ... X509v3 extensions: X509v3 Authority Key Identifier: keyid:F8:1E:0E:C5:94:6C:FC:2E:5A:38:7A:D9:6E:8E:97:73:E2:EA:A3:3C Authority Information Access: OCSP - URI:http://pki.example.com:8080/ca/ocsp X509v3 Key Usage: critical ... X509v3 Extended Key Usage: TLS Web Client Authentication ...
For subsystem certificate with an RSA key, it will have the following key usages:
X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
For subsystem certificate with an ECC key, it will have the following key usages:
X509v3 Key Usage: critical Digital Signature, Data Encipherment, Key Agreement
See also: