1X509V3_CONFIG(5ossl) OpenSSL X509V3_CONFIG(5ossl)
2
3
4
6 x509v3_config - X509 V3 certificate extension configuration format
7
9 Several OpenSSL commands can add extensions to a certificate or
10 certificate request based on the contents of a configuration file and
11 CLI options such as -addext. The syntax of configuration files is
12 described in config(5). The commands typically have an option to
13 specify the name of the configuration file, and a section within that
14 file; see the documentation of the individual command for details.
15
16 This page uses extensions as the name of the section, when needed in
17 examples.
18
19 Each entry in the extension section takes the form:
20
21 name = [critical, ]value(s)
22
23 If critical is present then the extension will be marked as critical.
24
25 If multiple entries are processed for the same extension name, later
26 entries override earlier ones with the same name.
27
28 The format of values depends on the value of name, many have a type-
29 value pairing where the type and value are separated by a colon. There
30 are four main types of extension:
31
32 string
33 multi-valued
34 raw
35 arbitrary
36
37 Each is described in the following paragraphs.
38
39 String extensions simply have a string which contains either the value
40 itself or how it is obtained.
41
42 Multi-valued extensions have a short form and a long form. The short
43 form is a comma-separated list of names and values:
44
45 basicConstraints = critical, CA:true, pathlen:1
46
47 The long form allows the values to be placed in a separate section:
48
49 [extensions]
50 basicConstraints = critical, @basic_constraints
51
52 [basic_constraints]
53 CA = true
54 pathlen = 1
55
56 Both forms are equivalent.
57
58 If an extension is multi-value and a field value must contain a comma
59 the long form must be used otherwise the comma would be misinterpreted
60 as a field separator. For example:
61
62 subjectAltName = URI:ldap://somehost.com/CN=foo,OU=bar
63
64 will produce an error but the equivalent form:
65
66 [extensions]
67 subjectAltName = @subject_alt_section
68
69 [subject_alt_section]
70 subjectAltName = URI:ldap://somehost.com/CN=foo,OU=bar
71
72 is valid.
73
74 OpenSSL does not support multiple occurrences of the same field within
75 a section. In this example:
76
77 [extensions]
78 subjectAltName = @alt_section
79
80 [alt_section]
81 email = steve@example.com
82 email = steve@example.org
83
84 will only recognize the last value. To specify multiple values append
85 a numeric identifier, as shown here:
86
87 [extensions]
88 subjectAltName = @alt_section
89
90 [alt_section]
91 email.1 = steve@example.com
92 email.2 = steve@example.org
93
94 The syntax of raw extensions is defined by the source code that parses
95 the extension but should be documened. See "Certificate Policies" for
96 an example of a raw extension.
97
98 If an extension type is unsupported, then the arbitrary extension
99 syntax must be used, see the "ARBITRARY EXTENSIONS" section for more
100 details.
101
103 The following sections describe the syntax of each supported extension.
104 They do not define the semantics of the extension.
105
106 Basic Constraints
107 This is a multi-valued extension which indicates whether a certificate
108 is a CA certificate. The first value is CA followed by TRUE or FALSE.
109 If CA is TRUE then an optional pathlen name followed by a nonnegative
110 value can be included.
111
112 For example:
113
114 basicConstraints = CA:TRUE
115
116 basicConstraints = CA:FALSE
117
118 basicConstraints = critical, CA:TRUE, pathlen:1
119
120 A CA certificate must include the basicConstraints name with the CA
121 parameter set to TRUE. An end-user certificate must either have
122 CA:FALSE or omit the extension entirely. The pathlen parameter
123 specifies the maximum number of CAs that can appear below this one in a
124 chain. A pathlen of zero means the CA cannot sign any sub-CA's, and can
125 only sign end-entity certificates.
126
127 Key Usage
128 Key usage is a multi-valued extension consisting of a list of names of
129 the permitted key usages. The defined values are: "digitalSignature",
130 "nonRepudiation", "keyEncipherment", "dataEncipherment",
131 "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", and
132 "decipherOnly".
133
134 Examples:
135
136 keyUsage = digitalSignature, nonRepudiation
137
138 keyUsage = critical, keyCertSign
139
140 Extended Key Usage
141 This extension consists of a list of values indicating purposes for
142 which the certificate public key can be used. Each value can be either
143 a short text name or an OID. The following text names, and their
144 intended meaning, are known:
145
146 Value Meaning according to RFC 5280 etc.
147 ----- ----------------------------------
148 serverAuth SSL/TLS WWW Server Authentication
149 clientAuth SSL/TLS WWW Client Authentication
150 codeSigning Code Signing
151 emailProtection E-mail Protection (S/MIME)
152 timeStamping Trusted Timestamping
153 OCSPSigning OCSP Signing
154 ipsecIKE ipsec Internet Key Exchange
155 msCodeInd Microsoft Individual Code Signing (authenticode)
156 msCodeCom Microsoft Commercial Code Signing (authenticode)
157 msCTLSign Microsoft Trust List Signing
158 msEFS Microsoft Encrypted File System
159
160 While IETF RFC 5280 says that id-kp-serverAuth and id-kp-clientAuth are
161 only for WWW use, in practice they are used for all kinds of TLS
162 clients and servers, and this is what OpenSSL assumes as well.
163
164 Examples:
165
166 extendedKeyUsage = critical, codeSigning, 1.2.3.4
167
168 extendedKeyUsage = serverAuth, clientAuth
169
170 Subject Key Identifier
171 The SKID extension specification has a value with three choices. If
172 the value is the word none then no SKID extension will be included. If
173 the value is the word hash, or by default for the x509, req, and ca
174 apps, the process specified in RFC 5280 section 4.2.1.2. (1) is
175 followed: The keyIdentifier is composed of the 160-bit SHA-1 hash of
176 the value of the BIT STRING subjectPublicKey (excluding the tag,
177 length, and number of unused bits).
178
179 Otherwise, the value must be a hex string (possibly with ":" separating
180 bytes) to output directly, however, this is strongly discouraged.
181
182 Example:
183
184 subjectKeyIdentifier = hash
185
186 Authority Key Identifier
187 The AKID extension specification may have the value none indicating
188 that no AKID shall be included. Otherwise it may have the value keyid
189 or issuer or both of them, separated by ",". Either or both can have
190 the option always, indicated by putting a colon ":" between the value
191 and this option. For self-signed certificates the AKID is suppressed
192 unless always is present. By default the x509, req, and ca apps behave
193 as if "none" was given for self-signed certificates and "keyid, issuer"
194 otherwise.
195
196 If keyid is present, an attempt is made to copy the subject key
197 identifier (SKID) from the issuer certificate except if the issuer
198 certificate is the same as the current one and it is not self-signed.
199 The hash of the public key related to the signing key is taken as
200 fallback if the issuer certificate is the same as the current
201 certificate. If always is present but no value can be obtained, an
202 error is returned.
203
204 If issuer is present, and in addition it has the option always
205 specified or keyid is not present, then the issuer DN and serial number
206 are copied from the issuer certificate.
207
208 Examples:
209
210 authorityKeyIdentifier = keyid, issuer
211
212 authorityKeyIdentifier = keyid, issuer:always
213
214 Subject Alternative Name
215 This is a multi-valued extension that supports several types of name
216 identifier, including email (an email address), URI (a uniform resource
217 indicator), DNS (a DNS domain name), RID (a registered ID: OBJECT
218 IDENTIFIER), IP (an IP address), dirName (a distinguished name), and
219 otherName. The syntax of each is described in the following
220 paragraphs.
221
222 The email option has two special values. "copy" will automatically
223 include any email addresses contained in the certificate subject name
224 in the extension. "move" will automatically move any email addresses
225 from the certificate subject name to the extension.
226
227 The IP address used in the IP option can be in either IPv4 or IPv6
228 format.
229
230 The value of dirName is specifies the configuration section containing
231 the distinguished name to use, as a set of name-value pairs. Multi-
232 valued AVAs can be formed by prefacing the name with a + character.
233
234 The value of otherName can include arbitrary data associated with an
235 OID; the value should be the OID followed by a semicolon and the
236 content in specified using the syntax in ASN1_generate_nconf(3).
237
238 Examples:
239
240 subjectAltName = email:copy, email:my@example.com, URI:http://my.example.com/
241
242 subjectAltName = IP:192.168.7.1
243
244 subjectAltName = IP:13::17
245
246 subjectAltName = email:my@example.com, RID:1.2.3.4
247
248 subjectAltName = otherName:1.2.3.4;UTF8:some other identifier
249
250 [extensions]
251 subjectAltName = dirName:dir_sect
252
253 [dir_sect]
254 C = UK
255 O = My Organization
256 OU = My Unit
257 CN = My Name
258
259 Non-ASCII Email Address conforming the syntax defined in Section 3.3 of
260 RFC 6531 are provided as otherName.SmtpUTF8Mailbox. According to RFC
261 8398, the email address should be provided as UTF8String. To enforce
262 the valid representation in the certificate, the SmtpUTF8Mailbox should
263 be provided as follows
264
265 subjectAltName=@alts
266 [alts]
267 otherName = 1.3.6.1.5.5.7.8.9;FORMAT:UTF8,UTF8String:nonasciiname.example.com
268
269 Issuer Alternative Name
270 This extension supports most of the options of subject alternative
271 name; it does not support email:copy. It also adds issuer:copy as an
272 allowed value, which copies any subject alternative names from the
273 issuer certificate, if possible.
274
275 Example:
276
277 issuerAltName = issuer:copy
278
279 Authority Info Access
280 This extension gives details about how to retrieve information that
281 related to the certificate that the CA makes available. The syntax is
282 access_id;location, where access_id is an object identifier (although
283 only a few values are well-known) and location has the same syntax as
284 subject alternative name (except that email:copy is not supported).
285
286 Possible values for access_id include OCSP (OCSP responder), caIssuers
287 (CA Issuers), ad_timestamping (AD Time Stamping), AD_DVCS (ad dvcs),
288 caRepository (CA Repository).
289
290 Examples:
291
292 authorityInfoAccess = OCSP;URI:http://ocsp.example.com/,caIssuers;URI:http://myca.example.com/ca.cer
293
294 authorityInfoAccess = OCSP;URI:http://ocsp.example.com/
295
296 CRL distribution points
297 This is a multi-valued extension whose values can be either a name-
298 value pair using the same form as subject alternative name or a single
299 value specifying the section name containing all the distribution point
300 values.
301
302 When a name-value pair is used, a DistributionPoint extension will be
303 set with the given value as the fullName field as the distributionPoint
304 value, and the reasons and cRLIssuer fields will be omitted.
305
306 When a single option is used, the value specifies the section, and that
307 section can have the following items:
308
309 fullname
310 The full name of the distribution point, in the same format as the
311 subject alternative name.
312
313 relativename
314 The value is taken as a distinguished name fragment that is set as
315 the value of the nameRelativeToCRLIssuer field.
316
317 CRLIssuer
318 The value must in the same format as the subject alternative name.
319
320 reasons
321 A multi-value field that contains the reasons for revocation. The
322 recognized values are: "keyCompromise", "CACompromise",
323 "affiliationChanged", "superseded", "cessationOfOperation",
324 "certificateHold", "privilegeWithdrawn", and "AACompromise".
325
326 Only one of fullname or relativename should be specified.
327
328 Simple examples:
329
330 crlDistributionPoints = URI:http://example.com/myca.crl
331
332 crlDistributionPoints = URI:http://example.com/myca.crl, URI:http://example.org/my.crl
333
334 Full distribution point example:
335
336 [extensions]
337 crlDistributionPoints = crldp1_section
338
339 [crldp1_section]
340 fullname = URI:http://example.com/myca.crl
341 CRLissuer = dirName:issuer_sect
342 reasons = keyCompromise, CACompromise
343
344 [issuer_sect]
345 C = UK
346 O = Organisation
347 CN = Some Name
348
349 Issuing Distribution Point
350 This extension should only appear in CRLs. It is a multi-valued
351 extension whose syntax is similar to the "section" pointed to by the
352 CRL distribution points extension. The following names have meaning:
353
354 fullname
355 The full name of the distribution point, in the same format as the
356 subject alternative name.
357
358 relativename
359 The value is taken as a distinguished name fragment that is set as
360 the value of the nameRelativeToCRLIssuer field.
361
362 onlysomereasons
363 A multi-value field that contains the reasons for revocation. The
364 recognized values are: "keyCompromise", "CACompromise",
365 "affiliationChanged", "superseded", "cessationOfOperation",
366 "certificateHold", "privilegeWithdrawn", and "AACompromise".
367
368 onlyuser, onlyCA, onlyAA, indirectCRL
369 The value for each of these names is a boolean.
370
371 Example:
372
373 [extensions]
374 issuingDistributionPoint = critical, @idp_section
375
376 [idp_section]
377 fullname = URI:http://example.com/myca.crl
378 indirectCRL = TRUE
379 onlysomereasons = keyCompromise, CACompromise
380
381 Certificate Policies
382 This is a raw extension that supports all of the defined fields of the
383 certificate extension.
384
385 Policies without qualifiers are specified by giving the OID. Multiple
386 policies are comma-separated. For example:
387
388 certificatePolicies = 1.2.4.5, 1.1.3.4
389
390 To include policy qualifiers, use the "@section" syntax to point to a
391 section that specifies all the information.
392
393 The section referred to must include the policy OID using the name
394 policyIdentifier. cPSuri qualifiers can be included using the syntax:
395
396 CPS.nnn = value
397
398 where "nnn" is a number.
399
400 userNotice qualifiers can be set using the syntax:
401
402 userNotice.nnn = @notice
403
404 The value of the userNotice qualifier is specified in the relevant
405 section. This section can include explicitText, organization, and
406 noticeNumbers options. explicitText and organization are text strings,
407 noticeNumbers is a comma separated list of numbers. The organization
408 and noticeNumbers options (if included) must BOTH be present. Some
409 software might require the ia5org option at the top level; this changes
410 the encoding from Displaytext to IA5String.
411
412 Example:
413
414 [extensions]
415 certificatePolicies = ia5org, 1.2.3.4, 1.5.6.7.8, @polsect
416
417 [polsect]
418 policyIdentifier = 1.3.5.8
419 CPS.1 = "http://my.host.example.com/"
420 CPS.2 = "http://my.your.example.com/"
421 userNotice.1 = @notice
422
423 [notice]
424 explicitText = "Explicit Text Here"
425 organization = "Organisation Name"
426 noticeNumbers = 1, 2, 3, 4
427
428 The character encoding of explicitText can be specified by prefixing
429 the value with UTF8, BMP, or VISIBLE followed by colon. For example:
430
431 [notice]
432 explicitText = "UTF8:Explicit Text Here"
433
434 Policy Constraints
435 This is a multi-valued extension which consisting of the names
436 requireExplicitPolicy or inhibitPolicyMapping and a non negative
437 integer value. At least one component must be present.
438
439 Example:
440
441 policyConstraints = requireExplicitPolicy:3
442
443 Inhibit Any Policy
444 This is a string extension whose value must be a non negative integer.
445
446 Example:
447
448 inhibitAnyPolicy = 2
449
450 Name Constraints
451 This is a multi-valued extension. The name should begin with the word
452 permitted or excluded followed by a ;. The rest of the name and the
453 value follows the syntax of subjectAltName except email:copy is not
454 supported and the IP form should consist of an IP addresses and subnet
455 mask separated by a /.
456
457 Examples:
458
459 nameConstraints = permitted;IP:192.168.0.0/255.255.0.0
460
461 nameConstraints = permitted;email:.example.com
462
463 nameConstraints = excluded;email:.com
464
465 OCSP No Check
466 This is a string extension. It is parsed, but ignored.
467
468 Example:
469
470 noCheck = ignored
471
472 TLS Feature (aka Must Staple)
473 This is a multi-valued extension consisting of a list of TLS extension
474 identifiers. Each identifier may be a number (0..65535) or a supported
475 name. When a TLS client sends a listed extension, the TLS server is
476 expected to include that extension in its reply.
477
478 The supported names are: status_request and status_request_v2.
479
480 Example:
481
482 tlsfeature = status_request
483
485 The following extensions are non standard, Netscape specific and
486 largely obsolete. Their use in new applications is discouraged.
487
488 Netscape String extensions
489 Netscape Comment (nsComment) is a string extension containing a comment
490 which will be displayed when the certificate is viewed in some
491 browsers. Other extensions of this type are: nsBaseUrl,
492 nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl and
493 nsSslServerName.
494
495 Netscape Certificate Type
496 This is a multi-valued extensions which consists of a list of flags to
497 be included. It was used to indicate the purposes for which a
498 certificate could be used. The basicConstraints, keyUsage and extended
499 key usage extensions are now used instead.
500
501 Acceptable values for nsCertType are: client, server, email, objsign,
502 reserved, sslCA, emailCA, objCA.
503
505 If an extension is not supported by the OpenSSL code then it must be
506 encoded using the arbitrary extension format. It is also possible to
507 use the arbitrary format for supported extensions. Extreme care should
508 be taken to ensure that the data is formatted correctly for the given
509 extension type.
510
511 There are two ways to encode arbitrary extensions.
512
513 The first way is to use the word ASN1 followed by the extension content
514 using the same syntax as ASN1_generate_nconf(3). For example:
515
516 [extensions]
517 1.2.3.4 = critical, ASN1:UTF8String:Some random data
518 1.2.3.4.1 = ASN1:SEQUENCE:seq_sect
519
520 [seq_sect]
521 field1 = UTF8:field1
522 field2 = UTF8:field2
523
524 It is also possible to use the word DER to include the raw encoded data
525 in any extension.
526
527 1.2.3.4 = critical, DER:01:02:03:04
528 1.2.3.4.1 = DER:01020304
529
530 The value following DER is a hex dump of the DER encoding of the
531 extension Any extension can be placed in this form to override the
532 default behaviour. For example:
533
534 basicConstraints = critical, DER:00:01:02:03
535
537 There is no guarantee that a specific implementation will process a
538 given extension. It may therefore be sometimes possible to use
539 certificates for purposes prohibited by their extensions because a
540 specific application does not recognize or honour the values of the
541 relevant extensions.
542
543 The DER and ASN1 options should be used with caution. It is possible to
544 create invalid extensions if they are not used carefully.
545
547 openssl-req(1), openssl-ca(1), openssl-x509(1), ASN1_generate_nconf(3)
548
550 Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
551
552 Licensed under the Apache License 2.0 (the "License"). You may not use
553 this file except in compliance with the License. You can obtain a copy
554 in the file LICENSE in the source distribution or at
555 <https://www.openssl.org/source/license.html>.
556
557
558
5593.0.5 2022-07-05 X509V3_CONFIG(5ossl)