Tutorial for extensions when generating certificate

Kenji Urushima edited this page Apr 28, 2021 · 21 revisions

UNDER CONSTRUCTION

Extensions can be specified as JSON objects when generating a certificate.

This document describes samples for extensions.

Common to extensions

The "extname" member is required. The "critical" flag is optional.

{ extname: "NAME-OF-EXTENSION",
  critical: true, // OPTIONAL: critical flag can be specified
  ... extension values ... }

Basic Constraints

{ extname: "basicConstraints",
  critical: true,
  cA: true,     // OPTIONAL. "false" can also be specified.
  pathLen: 2 }  // OPTIONAL

Key Usage

{ extname: "keyUsage", names: ["digitalSignature", "nonRepudiation"] } // names may be listed in any order

The key usage value can also be specified with DERBitString parameters.

{ extname: "keyUsage", bit: "11" }
{ extname: "keyUsage", array: [true, true, false, true] }
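
The key usage forms above all describe one bit string, and in a CA certificate the basicConstraints and keyUsage entries have to agree. The following is an added example, not part of the original page or of the library: `keyUsageNames` and `lintExtensions` are hypothetical helpers that do not call the library, the bit order is taken from RFC 5280, and `bit` is assumed to be a string of binary digits with the leftmost digit as bit 0.

```javascript
// Added example: normalize the keyUsage forms shown above and lint a profile.
// Bit order follows RFC 5280 section 4.2.1.3 (bit 0 = digitalSignature).
const KU_NAMES = ["digitalSignature", "nonRepudiation", "keyEncipherment",
  "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
  "encipherOnly", "decipherOnly"];

// Hypothetical helper: return the key usage names an entry asserts, in bit order.
// Assumption: "bit" is a string of binary digits, leftmost digit = bit 0.
function keyUsageNames(ext) {
  let flags;
  if (Array.isArray(ext.names)) {
    const unknown = ext.names.filter(n => !KU_NAMES.includes(n));
    if (unknown.length) throw new Error("unknown key usage: " + unknown.join(","));
    flags = KU_NAMES.map(n => ext.names.includes(n));
  } else if (typeof ext.bit === "string" && /^[01]+$/.test(ext.bit)) {
    flags = [...ext.bit].map(c => c === "1");
  } else if (Array.isArray(ext.array)) {
    flags = ext.array.map(Boolean);
  } else {
    throw new Error("keyUsage needs names, bit or array");
  }
  if (flags.length > KU_NAMES.length) throw new Error("too many key usage bits");
  return KU_NAMES.filter((_, i) => flags[i]);
}

// Hypothetical lint: RFC 5280 consistency checks between basicConstraints and keyUsage.
function lintExtensions(exts) {
  const problems = [];
  const bc = exts.find(e => e.extname === "basicConstraints");
  const ku = exts.find(e => e.extname === "keyUsage");
  const usages = ku ? keyUsageNames(ku) : [];
  const isCA = !!(bc && bc.cA === true);
  if (bc && bc.pathLen !== undefined && !isCA)
    problems.push("pathLen set but cA is not true");
  if (isCA && bc.critical !== true)
    problems.push("CA basicConstraints should be critical");
  if (isCA && ku && !usages.includes("keyCertSign"))
    problems.push("cA is true but keyUsage lacks keyCertSign");
  if (!isCA && usages.includes("keyCertSign"))
    problems.push("keyCertSign asserted without cA: true");
  for (const e of exts)
    if (typeof e.extname !== "string") problems.push("entry without extname");
  return problems;
}
```

Run the lint on the extension list before it is passed to certificate generation; an empty array means none of these checks fired.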

CRL Distribution Points

{ extname: "cRLDistributionPoints",
  array: [
    {fulluri: "http://repository.example.com/CA1.crl"}
  ] }

Authority Info Access

{ extname: "authorityInfoAccess",
  array: [
    {ocsp: 'http://ocsp.example.org'},
    {caissuer: 'https://repository.example.org/ca1.crt'}  
  ] }