What is the difference between the x.509 V3 extensions Basic Constraints and Key Usage to create a CA certificate?

后端 未结 2 1892
时光说笑
时光说笑 2021-02-13 01:39

These two actions seem to do the same:

  • using the Basic Constraints extension in a X.509 Certificate to signify that it is a CA certificate and
2条回答
  •  醉话见心
    2021-02-13 02:09

    Key Usage describes intended purposes of the certificate.

    Basic Constraints extension describes how deep the certificate chain that has the certificate as it's top can be. In other words, this extension is used by CAs to restrict activity of their sub-CAs when the sub-CA certificate is issued. If toplevel CA gets a sub-CA , it allows sub-CA to issue end-user certificates, but doesn't allow sub-CA have it's own sub-CAs.

提交回复
热议问题