About Certificate Extensions


Certificate extensions can be added to Version 3 X.509 certificates during Key Pair generation or when signing a CSR. Extensions allow extra attributes to be attached to the certificate.

KeyStore Explorer supports the addition of most of the set of extensions specified in RFC 5280 (Certificate Profile) and the Netscape Certificate Extensions. See Specifications for details of supported certificate extensions.

The RFC 5280 extensions tend to be complex structures. See the Certificate Extensions section of the RFC document Certificate and Certificate Revocation List (CRL) Profile for specific details. This document is freely available on the internet. The Netscape set of extensions are simpler and their specifics are documented generally on the web.


Copyright 2004 - 2013 Wayne Grant, 2013 - 2017 Kai Kramer