Skip to content

CA Signing Certificate Extensions

Endi S. Dewata edited this page Jan 11, 2022 · 5 revisions

To display CA signing certificate extensions:

$ pki-server cert-export ca_signing --cert-file ca_signing.crt
$ openssl x509 -text -noout -in ca_signing.crt
...
         X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:F8:1E:0E:C5:94:6C:FC:2E:5A:38:7A:D9:6E:8E:97:73:E2:EA:A3:3C

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier:
                F8:1E:0E:C5:94:6C:FC:2E:5A:38:7A:D9:6E:8E:97:73:E2:EA:A3:3C
            Authority Information Access:
                OCSP - URI:http://pki.example.com:8080/ca/ocsp
...

See also:

Clone this wiki locally