keyUsageExtension

 

 

CA:

  • Self-signed root CA
  • Intermediate CA (can sign other CAs)
  • Intermediate CA (cannot sign other CAs)
  • End-entity certificates

 

A CA certificate must have the keyCertSign key usage. If it is also going to sign certificate revocation lists (CRLs), it must have cRLSign as well. Other keyUsage values should be avoided in CA certificates.
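The four certificate types listed above, written as OpenSSL extension sections in x509v3_config syntax. This is an added example, not taken from the linked sources. The section names are hypothetical, and the pathlen values and the end-entity key usages (a TLS server is assumed) are assumptions the note does not state.

```ini
# Added example: extension sections for an openssl.cnf file.
# Section names are hypothetical; pick one with "-extensions <name>".

[ v3_root_ca ]
# Self-signed root CA: only certificate and CRL signing.
basicConstraints       = critical, CA:TRUE
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash

[ v3_intermediate_ca ]
# Intermediate CA that can sign other CAs.
# pathlen:1 (assumed value) allows one more CA level below this one.
basicConstraints       = critical, CA:TRUE, pathlen:1
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always

[ v3_issuing_ca ]
# Intermediate CA that cannot sign other CAs.
# pathlen:0 means it may issue end-entity certificates only.
basicConstraints       = critical, CA:TRUE, pathlen:0
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always

[ v3_end_entity ]
# End-entity certificate: CA:FALSE and no keyCertSign or cRLSign.
# digitalSignature and keyEncipherment assume a TLS server certificate.
basicConstraints       = critical, CA:FALSE
keyUsage               = critical, digitalSignature, keyEncipherment
extendedKeyUsage       = serverAuth
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer
```

Drop cRLSign from a CA section if that CA never issues CRLs. After signing, `openssl x509 -noout -text` shows the resulting "X509v3 Key Usage" and "X509v3 Basic Constraints" fields for checking.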

 

ssl - OpenSSL CA keyUsage extension - Super User

 

/docs/manmaster/man5/x509v3_config.html (openssl.org)

 

posted @ 2021-07-01 17:05  ascertain