The extensions of a X.509 certificate provide a generic way to include information in the certificate. Currently the API provides explicit support for four X.509 extensions: Key Usage, basic constraints, subject alternative name, and the Novell Security Attributes. In addition, the API currently supports the ability to include any generic ASN.1 encoded extensions when generating server and user certificates.
NOTE:Creating an ASN.1 encoded extension is an advanced operation, requiring detailed knowledge of ASN.1 and X.509 extensions. However, existing ASN.1 encoded extensions may be used without such detailed knowledge. To review an example that uses the parameters to include in an extended key usage extension on the user certificate as it is created, see UserExtendedKeyUsage.
To provide a generic method of specifying data for X.509 extensions, the API provides general purpose data structures and defines, as well as extension-specific data structures and defines. Also see General Purpose Extension Structure. The following table describes the general purpose extension flags:
The following are a list of general purpose extension flags: