🟣extendedKeyUsage

Provides a list of the most commonly used values for extendedKeyUsage, as well as their respective OID.

The following extendedKeyUsage can define what your extended usages are for.

Microsoft's certreq command uses the OID, OpenSSL can use the value or OID.

Value
OID
Description

2.5.29.37.0

Any extended key usage

serverAuth

1.3.6.1.5.5.7.3.1

clientAuth

1.3.6.1.5.5.7.3.2

codeSigning

1.3.6.1.5.5.7.3.3

emailProtection

1.3.6.1.5.5.7.3.4

timeStamping

1.3.6.1.5.5.7.3.8

Trusted Timestamping (Binding the hash of an object to a time)

msCodeInd

1.3.6.1.4.1.311.2.1.21

Microsoft Individual Code Signing (authenticode)

msCodeCom

1.3.6.1.4.1.311.2.1.22

Microsoft Commercial Code Signing (authenticode)

msCTLSign

1.3.6.1.4.1.311.10.3.1

Microsoft Trust List Signing

msSGC

1.3.6.1.4.1.311.10.3.3

Microsoft Server Gated Crypto

msEFS

1.3.6.1.4.1.311.10.3.4

Microsoft Encrypted File System

msEFSR

1.3.6.1.4.1.311.10.3.4.1

Microsoft EFS Recovery

msExtReq

1.3.6.1.4.1.311.2.1.14

Microsoft Extension Request

nsSGC

2.16.840.1.113730.4.1

Netscape Server Gated Crypto

msUPN

1.3.6.1.4.1.311.20.2.3

Microsoft User Principal Name

unknown

1.3.6.1.4.1.311.21.6

EFS Key Recovery Agent

driveEncryption

1.3.6.1.4.1.311.67.1.1

Bitlocker Drive Encryption

driveRecovery

1.3.6.1.4.1.311.67.1.2

Bitlocker Data Recovery Agent

msSmartcardLogin

1.3.6.1.4.1.311.20.2.2

Microsoft Smartcard Login

secureShellClient

1.3.6.1.5.5.7.3.21

Secure Shell client

secureShellServer

1.3.6.1.5.5.7.3.22

Secure Shell server

iKEIntermediate

1.3.6.1.5.5.8.2.2

IPSec Intermediate System Usage

ipsecEndSystem

1.3.6.1.5.5.7.3.5

IPSEC End System Certificate

ipsecTunnel

1.3.6.1.5.5.7.3.6

IP security tunnel termination

ipsecUser

1.3.6.1.5.5.7.3.7

IP security user

OCSPSigning

1.3.6.1.5.5.7.3.9

OCSPstamping

dvcs

1.3.6.1.5.5.7.3.10

Data Validation and Certification Server (DVCS)

scvpResponder

1.3.6.1.5.5.7.3.12

This OID is obsolete.

id-kp-eapOverPPP

1.3.6.1.5.5.7.3.13

Authentication Protocol (EAP)

id-kp-eapOverLAN

1.3.6.1.5.5.7.3.14

Authentication Protocol (EAP)

id-kp-scvpServer

1.3.6.1.5.5.7.3.15

SCVP Server

id-kp-scvpClient

1.3.6.1.5.5.7.3.16

SCVP Client

adobeSigning

1.2.840.113583.1.1.5

Adobe Authentic Documents Trust Adobe PDF Signing This and Microsoft Document Signing usually tied together.

adobeDigitcert

2.16.840.1.114412.3.21

Adobe Signing Certificate Digitcert

msofficeSigning

1.3.6.1.4.1.311.10.3.12

Microsoft Document Signing

msDocSigning

1.3.6.1.4.1.311.3.10.3.12

Timestamping signature (Ms-CounterSign) (old)

microsoftCaVersion

1.3.6.1.4.1.311.21.1

Microsoft CertSrv Infrastructure certsrv.exe

rda

1.3.6.1.4.1.311.54.1.2

MS Remote Desktop Authentication

szOID_DOCUMENT_ENCRYPTION

1.3.6.1.4.1.311.80.1

Document Encryption

gpgUsageCert

1.3.6.1.4.1.11591.2.6.1

GPG Certify

gpgUsageSign

1.3.6.1.4.1.11591.2.6.2

GPG Sign

gpgUsageEncr

1.3.6.1.4.1.11591.2.6.3

GPG Encryption

gpgUsageAuth

1.3.6.1.4.1.11591.2.6.4

GPG Authenticate

adobex509

1.2.840.113583.1.1.9

X509-Extension: Adobe proprietary

msAuthenticode

1.3.6.1.4.1.311.2

Microsoft Authenticode

msTimestamping

1.3.6.1.4.1.311.3

Microsoft Timestamping

msKernalDriver

2.16.840.1.114412.3.11

Windows Kernal Driver Signing

[EnhancedKeyUsageExtension]
OID=1.3.6.1.4.1.311.67.1.1 ; BitLocker Drive Encryption
OID=1.3.6.1.4.1.311.10.3.4 ; Encrypted file System 

Last updated