🟣extendedKeyUsage
Provides a list of the most commonly used values for extendedKeyUsage, as well as their respective OID.
The following extendedKeyUsage can define what your extended usages are for.
Microsoft's certreq command uses the OID, OpenSSL can use the value or OID.
2.5.29.37.0
Any extended key usage
serverAuth
1.3.6.1.5.5.7.3.1
clientAuth
1.3.6.1.5.5.7.3.2
codeSigning
1.3.6.1.5.5.7.3.3
emailProtection
1.3.6.1.5.5.7.3.4
timeStamping
1.3.6.1.5.5.7.3.8
Trusted Timestamping (Binding the hash of an object to a time)
msCodeInd
1.3.6.1.4.1.311.2.1.21
Microsoft Individual Code Signing (authenticode)
msCodeCom
1.3.6.1.4.1.311.2.1.22
Microsoft Commercial Code Signing (authenticode)
msCTLSign
1.3.6.1.4.1.311.10.3.1
Microsoft Trust List Signing
msSGC
1.3.6.1.4.1.311.10.3.3
Microsoft Server Gated Crypto
msEFS
1.3.6.1.4.1.311.10.3.4
Microsoft Encrypted File System
msEFSR
1.3.6.1.4.1.311.10.3.4.1
Microsoft EFS Recovery
msExtReq
1.3.6.1.4.1.311.2.1.14
Microsoft Extension Request
nsSGC
2.16.840.1.113730.4.1
Netscape Server Gated Crypto
msUPN
1.3.6.1.4.1.311.20.2.3
Microsoft User Principal Name
unknown
1.3.6.1.4.1.311.21.6
EFS Key Recovery Agent
driveEncryption
1.3.6.1.4.1.311.67.1.1
Bitlocker Drive Encryption
driveRecovery
1.3.6.1.4.1.311.67.1.2
Bitlocker Data Recovery Agent
msSmartcardLogin
1.3.6.1.4.1.311.20.2.2
Microsoft Smartcard Login
secureShellClient
1.3.6.1.5.5.7.3.21
Secure Shell client
secureShellServer
1.3.6.1.5.5.7.3.22
Secure Shell server
iKEIntermediate
1.3.6.1.5.5.8.2.2
IPSec Intermediate System Usage
ipsecEndSystem
1.3.6.1.5.5.7.3.5
IPSEC End System Certificate
ipsecTunnel
1.3.6.1.5.5.7.3.6
IP security tunnel termination
ipsecUser
1.3.6.1.5.5.7.3.7
IP security user
OCSPSigning
1.3.6.1.5.5.7.3.9
OCSPstamping
dvcs
1.3.6.1.5.5.7.3.10
Data Validation and Certification Server (DVCS)
scvpResponder
1.3.6.1.5.5.7.3.12
This OID is obsolete.
id-kp-eapOverPPP
1.3.6.1.5.5.7.3.13
Authentication Protocol (EAP)
id-kp-eapOverLAN
1.3.6.1.5.5.7.3.14
Authentication Protocol (EAP)
id-kp-scvpServer
1.3.6.1.5.5.7.3.15
SCVP Server
id-kp-scvpClient
1.3.6.1.5.5.7.3.16
SCVP Client
adobeSigning
1.2.840.113583.1.1.5
Adobe Authentic Documents Trust Adobe PDF Signing This and Microsoft Document Signing usually tied together.
adobeDigitcert
2.16.840.1.114412.3.21
Adobe Signing Certificate Digitcert
msofficeSigning
1.3.6.1.4.1.311.10.3.12
Microsoft Document Signing
msDocSigning
1.3.6.1.4.1.311.3.10.3.12
Timestamping signature (Ms-CounterSign) (old)
microsoftCaVersion
1.3.6.1.4.1.311.21.1
Microsoft CertSrv Infrastructure certsrv.exe
rda
1.3.6.1.4.1.311.54.1.2
MS Remote Desktop Authentication
szOID_DOCUMENT_ENCRYPTION
1.3.6.1.4.1.311.80.1
Document Encryption
gpgUsageCert
1.3.6.1.4.1.11591.2.6.1
GPG Certify
gpgUsageSign
1.3.6.1.4.1.11591.2.6.2
GPG Sign
gpgUsageEncr
1.3.6.1.4.1.11591.2.6.3
GPG Encryption
gpgUsageAuth
1.3.6.1.4.1.11591.2.6.4
GPG Authenticate
adobex509
1.2.840.113583.1.1.9
X509-Extension: Adobe proprietary
msAuthenticode
1.3.6.1.4.1.311.2
Microsoft Authenticode
msTimestamping
1.3.6.1.4.1.311.3
Microsoft Timestamping
msKernalDriver
2.16.840.1.114412.3.11
Windows Kernal Driver Signing
Last updated