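1 Introduction to the remaining two fields in the certificate
In the previous document, we left the Extensions, Certificate Signature Algorithm and Certificate Signature Value fields without a detailed introduction. This article picks up from there.
1.1 The extensions field
This field holds the X.509 certificate extensions; versions before v3 do not have it.
X.509 certificate extensions serve purposes such as:
(1) Whether the certificate can be used as a CA to sign other certificates.
(2) The purpose of the certificate: client authentication, server authentication, EAP authentication, IPSec tunnel authentication, and so on.
(3) The SAN extension, which solves the problem of multiple websites sharing one certificate.
(4) Beyond these there are many more, which are not covered one by one here; consult the relevant references.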
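Checks (1) to (3) above can be run against a certificate's text dump. The following is an added example, not code from the original article: it parses a constructed extensions block in the layout that `openssl x509 -text` prints and answers the three questions (the example.com names and the function names are assumptions made for illustration).

```python
# Constructed sample in the layout `openssl x509 -noout -text` prints (not a real certificate).
SAMPLE = """\
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Alternative Name:
                DNS:www.example.com, DNS:*.static.example.com, DNS:example.com
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
"""

def parse_extensions(text):
    """Map each extension name to {'critical': bool, 'values': [value lines]}."""
    exts, current, base = {}, None, None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped == "X509v3 extensions:":
            continue
        indent = len(line) - len(line.lstrip())
        if base is None:
            base = indent  # indentation level of the extension-name lines
        if indent <= base:  # extension name, optionally followed by "critical"
            name, _, flag = stripped.partition(":")
            current = exts.setdefault(name, {"critical": flag.strip() == "critical", "values": []})
        else:  # deeper indentation: a value line of the current extension
            current["values"].append(stripped)
    return exts

def is_ca(exts):
    """Check (1): may this certificate sign other certificates?"""
    bc = exts.get("X509v3 Basic Constraints")
    return bc is not None and any(v.split(",")[0].strip() == "CA:TRUE" for v in bc["values"])

def allows_usage(exts, usage):
    """Check (2): is `usage` listed in Extended Key Usage? An absent EKU adds no restriction."""
    eku = exts.get("X509v3 Extended Key Usage")
    if eku is None:
        return True
    return usage in [u.strip() for v in eku["values"] for u in v.split(",")]

def san_matches(exts, host):
    """Check (3): does `host` match a SAN DNS entry? '*' covers exactly one leftmost label."""
    san = exts.get("X509v3 Subject Alternative Name", {"values": []})
    names = [e.strip()[4:].lower() for v in san["values"]
             for e in v.split(",") if e.strip().startswith("DNS:")]
    label, _, rest = host.lower().rstrip(".").partition(".")
    host = host.lower().rstrip(".")
    return any(n == host or (n.startswith("*.") and bool(label) and rest == n[2:]) for n in names)
```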
The content of this field typically looks like this:
    X509v3 extensions:
        X509v3 Basic Constraints:
            CA:FALSE
        X509v3 Authority Key Identifier:
            keyid:98:6A:B6:2D:2E:BF:A7:AA:9F:F6:F7:D6:09:AF:D5:8B:57:F9:8A:B7
        Authority Information Access:
            CA Issuers - URI:http://trust.quovadisglobal.com/hydsslg2.crt
            OCSP - URI:http://ocsp.quovadisglobal.com
        X509v3 Subject Alternative Name:
            DNS:www.cisco.com, DNS:www1.cisco.com, DNS:www2.cisco.com, DNS:www.static-cisco.com, DNS:www-rtp.cisco.com, DNS:cisco-images.cisco.com, DNS:www3.cisco.com, DNS:cisco.com, DNS:www.mediafiles-cisco.com, DNS:www-01.cisco.com, DNS:www-02.cisco.com
        X509v3 Certificate Policies:
            Policy: 2.23.140.1.2.2
            Policy: 1.3.6.1.4.1.8024.0.3.900.0
              CPS: http://www.hydrantid.com/support/repository
        X509v3 Extended Key Usage:
            TLS Web C