keyUsageExtension
CA:
- Self signed root CA
- Intermediate CA ( can sign other CA)
- Intermediate CA ( can not sign other CA)
- end-entity certificates
CA 证书 必须有 keyCertSign extension, 如果要 sign revocation list (CRL) ,还必须有 cRLSign extension, 其它 keyUsages 应该避免出现在CA中
ssl - OpenSSL CA keyUsage extension - Super User
/docs/manmaster/man5/x509v3_config.html (openssl.org)
浙公网安备 33010602011771号