X509 Certificate Purpose Setting

Go To StackoverFlow.com


I would like to ask when is the purpose of a certificate, like Server Authentication, Client Authentication, set for the certificate.

Is it when we generate the CSR or when it is signed by the CA?

2012-04-04 17:38
by Lancer-Matrix
It's the CA that decides what it wants to issue the certificate for - Eugene Mayevski 'Allied Bits 2012-04-04 18:18


The CSR is a Certificate Signing Request. If it is a PKCS#10 request (by far the most common type) it can indicate which extensions are requested and that can include the Extended Key Usage (aka purpose). But the CA ultimately decides what to include when it creates and signs the cert. It could choose not to issue a cert. It could issue a cert with a subset of the requested attributes. It could issue a cert that is completely different. It could issue a cert that is exactly what the CSR requested.

2012-07-05 02:25
by John Watts