KeyStore Explorer supports the addition of most of the set of extensions specified in RFC 5280 (Certificate Profile) and the Netscape Certificate Extensions. See Specifications for details of supported certificate extensions.
The RFC 5280 extensions tend to be complex structures. See the
Certificate Extensions section of the RFC document
Certificate and Certificate Revocation List (CRL) Profile for
specific details. This document is freely available on the internet.
The Netscape set of extensions are simpler and their specifics are
documented generally on the web.