Specifying the intended purpose for the certificate

About specifying the intended purpose for a certificate

An issued certificate contains the extensions which restrict the usage of the certificate to specific purposes. You can specify the intended purposes for a certificate, which will be included in the certificate request sent to the CA. However, the actual extensions contained in an issued certificate depend on the CA policy, and they might be different from those specified in the PKI domain. Whether an application will use the certificate during authentication depends on the application's policy.

Supported certificate extensions include:

Procedure

  1. Enter system view.

    system-view

  2. Enter PKI domain view.

    pki domain domain-name

  3. Specify the intended use for the certificate.

    usage { ike | ssl-client | ssl-server } *

    By default, the certificate can be used by all supported applications, including IKE, SSL client, and SSL server.