Specifying the intended purpose for the certificate
About specifying the intended purpose for a certificate
An issued certificate contains the extensions which restrict the usage of the certificate to specific purposes. You can specify the intended purposes for a certificate, which will be included in the certificate request sent to the CA. However, the actual extensions contained in an issued certificate depend on the CA policy, and they might be different from those specified in the PKI domain. Whether an application will use the certificate during authentication depends on the application's policy.
Supported certificate extensions include:
ike—Certificates carrying this extension can be used by IKE peers.
ssl-client—Certificates carrying this extension can be used by SSL clients.
ssl-server—Certificates carrying this extension can be used by SSL servers.
Procedure
Enter system view.
system-view
Enter PKI domain view.
pki domain domain-name
Specify the intended use for the certificate.
usage { ike | ssl-client | ssl-server } *
By default, the certificate can be used by all supported applications, including IKE, SSL client, and SSL server.