Certificate Extensions

Certificate extensions can be added to Version 3 X.509 certificates during Key Pair generation or when signing a CSR. Extensions allow extra attributes to be attached to the certificate.

KeyStore Explorer supports the addition of most of the set of extensions specified in RFC 5280 (Certificate Profile) and the Netscape Certificate Extensions. See Specifications for details of supported certificate extensions.

The RFC 5280 extensions tend to be complex structures. See the Certificate Extensions section of the RFC document Certificate and Certificate Revocation List (CRL) Profile for specific details. This document is freely available on the internet. The Netscape set of extensions are simpler and their specifics are documented generally on the web.


Add Certificate Extensions

To add certificate extensions during Key Pair generation or when signing a CSR :
  1. Click the Add Extensions button at the appropriate step.
  2. The Add Certificate Extensions dialog will be displayed. Click the Add button .
  3. The Add Extension Type dialog will be displayed. Select the required Extension Type and check Critical Extension if the extension is to be marked critical.
  4. Press the OK button.
  5. A dialog will be displayed specific to the extension type selected. Each extension requires a different structure of values. For a guide to completing a given dialog utilize available documentation found on the Internet. When finished press the OK button.
  6. The Add Certificate Extensions dialog will again be displayed with the new extension listed in the extensions table. Repeat the above steps to add further extensions.
  7. Click on the Edit button to edit an existing extension.
  8. Click on the Toggle Criticality button to change the criticality of an existing extension.
  9. Click on the Remove button to remove an unnecessary extension.
  10. It is possible to save a chosen set of certificate extensions as a template by pressing the Save Template button. These can be loaded later by pressing the Load Template button.
  11. Press the OK button.
  12. The chosen certificate extensions will be added.