This section contains common X509 information.

Key usage

Key usage is a list of (9) flags turning on (true ) or off (false) a specific usage.


  1. digitalSignature
  2. nonRepudiation
  3. keyEncipherment
  4. dataEncipherment
  5. keyAgreement
  6. keyCertSign
  7. cRLSign
  8. encipherOnly
  9. decipherOnly

If length of list is shorter than 9, false will be added to the end until length is 9.


# Turn on digitalSignature
# Turn on keyCertSign

Extended key usage

Extended key usage is a list of key purpose aliases. Only the one defined below are valid in the current version.

Key purpose aliases:

  • OCSPSigning
  • serverAuth
  • clientAuth
  • codeSigning