Certificate OIDs and Key Usage

Certificate OIDs and Key Usage Extensions

Wichtige OIDs und Zertifikatserweiterungen

Diese Tabellen zeigen die wichtigsten Informationen rund um die Object Identifiers und den Extensions an.

Object Identifiers OID
Any Purpose 2.5.29.37.0
Attestation Identity Key Certificate 2.23.133.8.3
Certificate Request Agent 1.3.6.1.4.1.311.20.2.1
Client Authentication 1.3.6.1.5.5.7.3.2
Code Signing 1.3.6.1.5.5.7.3.3
CTL Usage 1.3.6.1.4.1.311.20.1
Digital Rights 1.3.6.1.4.1.311.10.5.1
Directory Service Email Replication 1.3.6.1.4.1.311.21.19
Disallowed List 1.3.6.1.4.1.311.10.3.30
Document Encryption 1.3.6.1.4.1.311.80.1
Document Signing 1.3.6.1.4.1.311.10.3.12
Domain Name System (DNS) Server Trust 1.3.6.1.4.1.311.64.1.1
Dynamic Code Generator 1.3.6.1.4.1.311.76.5.1
Early Launch Antimalware Driver 1.3.6.1.4.1.311.61.4.1
Embedded Windows System Component Verification 1.3.6.1.4.1.311.10.3.8
Encrypting File System 1.3.6.1.4.1.311.10.3.4
Endorsement Key Certificate 2.23.133.8.1
File Recovery 1.3.6.1.4.1.311.10.3.4.1
HAL Extension 1.3.6.1.4.1.311.61.5.1
IP security end system 1.3.6.1.5.5.7.3.5
IP security IKE intermediate 1.3.6.1.5.5.8.2.2
IP security tunnel termination 1.3.6.1.5.5.7.3.6
IP security user 1.3.6.1.5.5.7.3.7
KDC Authentication 1.3.6.1.5.2.3.5
Kernel Mode Code Signing 1.3.6.1.4.1.311.61.1.1
Key Pack Licenses 1.3.6.1.4.1.311.10.6.1
Key Recovery 1.3.6.1.4.1.311.10.3.11
Key Recovery Agent 1.3.6.1.4.1.311.21.6
License Server Verification 1.3.6.1.4.1.311.10.6.2
Lifetime Signing 1.3.6.1.4.1.311.10.3.13
Microsoft Publisher 1.3.6.1.4.1.311.76.8.1
Microsoft Time Stamping 1.3.6.1.4.1.311.10.3.2
Microsoft Trust List Signing 1.3.6.1.4.1.311.10.3.1
OCSP Signing 1.3.6.1.5.5.7.3.9
OEM Windows System Component Verification 1.3.6.1.4.1.311.10.3.7
Platform Certificate 2.23.133.8.2
Preview Build Signing 1.3.6.1.4.1.311.10.3.27
Private Key Archival 1.3.6.1.4.1.311.21.5
Protected Process Light Verification 1.3.6.1.4.1.311.10.3.22
Protected Process Verification 1.3.6.1.4.1.311.10.3.24
Qualified Subordination 1.3.6.1.4.1.311.10.3.10
Remote Desktop Authentication 1.3.6.1.4.311.54.1.2
Revoked List Signer 1.3.6.1.4.1.311.10.3.19
Root List Signer 1.3.6.1.4.1.311.10.3.9
Secure Email 1.3.6.1.5.5.7.3.4
Server Authentication 1.3.6.1.5.5.7.3.1
Smart Card Logon 1.3.6.1.4.1.311.20.2.2
SpcEncryptedDigestRetryCount 1.3.6.1.4.1.311.2.6.2
SpcRelaxedPEMarkerCheck 1.3.6.1.4.1.311.2.6.1
Time Stamping 1.3.6.1.5.5.7.3.8
Windows Hardware Driver Attested Verification 1.3.6.1.4.1.311.10.3.5.1
Windows Hardware Driver Extended Verification 1.3.6.1.4.1.311.10.3.39
Windows Hardware Driver Verification 1.3.6.1.4.1.311.10.3.5
Windows Kits Component 1.3.6.1.4.1.311.10.3.20
Windows RT Verification 1.3.6.1.4.1.311.10.3.21
Windows Software Extension Verification 1.3.6.1.4.1.311.10.3.26
Windows Store 1.3.6.1.4.1.311.76.3.1
Windows System Component Verification 1.3.6.1.4.1.311.10.3.6
Windows TCB Component 1.3.6.1.4.1.311.10.3.23
Windows Third Party Application Component 1.3.6.1.4.1.311.10.3.25
Windows Update 1.3.6.1.4.1.311.76.6.1
Microsoft CertSrv InfrastructureOID
Certificate services Certification Authority (CA) version1.3.6.1.4.1.311.21.1
szOID_CERTSRV_PREVIOUS_CERT_HASH1.3.6.1.4.1.311.21.2
szOID_CRL_VIRTUAL_BASE1.3.6.1.4.1.311.21.3
szOID_CRL_NEXT_PUBLISH1.3.6.1.4.1.311.21.4
szOID_KP_CA_EXCHANGE1.3.6.1.4.1.311.21.5
szOID_KP_KEY_RECOVERY_AGENT1.3.6.1.4.1.311.21.6
szOID_CERTIFICATE_TEMPLATE1.3.6.1.4.1.311.21.7
szOID_ENTERPRISE_OID_ROOT1.3.6.1.4.1.311.21.8
szOID_RDN_DUMMY_SIGNER1.3.6.1.4.1.311.21.9
szOID_APPLICATION_CERT_POLICIES1.3.6.1.4.1.311.21.10
szOID_APPLICATION_POLICY_MAPPINGS1.3.6.1.4.1.311.21.11
szOID_APPLICATION_POLICY_CONSTRAINTS1.3.6.1.4.1.311.21.12
szOID_ARCHIVED_KEY_ATTR1.3.6.1.4.1.311.21.13
szOID_CRL_SELF_CDP1.3.6.1.4.1.311.21.14
szOID_REQUIRE_CERT_CHAIN_POLICY1.3.6.1.4.1.311.21.15
szOID_ARCHIVED_KEY_CERT_HASH1.3.6.1.4.1.311.21.16
szOID_ISSUED_CERT_HASH1.3.6.1.4.1.311.21.17
szOID_DS_EMAIL_REPLICATION1.3.6.1.4.1.311.21.19
szOID_REQUEST_CLIENT_INFO1.3.6.1.4.1.311.21.20
szOID_ENCRYPTED_KEY_HASH1.3.6.1.4.1.311.21.21
szOID_CERTSRV_CROSSCA_VERSION1.3.6.1.4.1.311.21.22
Key storage provider name1.3.6.1.4.1.311.21.25
CertificateOIDDescription
subjectKeyIdentifier2.5.29.14Subject key identifier
keyUsage2.5.29.15Key usage
privateKeyUsagePeriod2.5.29.16Private key usage period
issuerAltName2.5.29.18Issuer alternative name (SAN)
basicConstraints2.5.29.19Basic constraints
cRLNumber2.5.29.20CRL (Certificate Revocation List) number
reasonCode2.5.29.21Reason code
invalidityDate2.5.29.24Invalidity Date
deltaCRLIndicator2.5.29.27Certificate Revocation List indicator
certificateIssuer2.5.29.29Certificate Issuer
cRLDistributionPoints2.5.29.31Certificate Revocation List distribution points
authorityKeyIdentifier2.5.29.35Authority key identifier.
Certificate ExtensionsOID
Authority Key Identifier2.5.29.19
Basic Constraints2.5.29.35
Certificate Policies2.5.29.32
CRL Distribution Points2.5.29.31
Enhanced Key Usage2.5.29.46
Issuer Alternative Name2.5.29.8
Key Usage2.5.29.15
Name Constraints2.5.29.30
Policy Constraints2.5.29.36
Policy Mappings2.5.29.33
Private Key Usage Period2.5.29.16
Subject Alternative Name2.5.29.17
Subject Directory Attributes2.5.29.9
Subject Key Identifier2.5.29.14

Welche Key Usage Extensions müssen für ein Zertifikat aktiviert sein

Extended KeyEnable Key Usage Extensions
Web Server CertificateDigital Signature, Key Encipherment or Key Agreement
Web Client CertificateDigital Signature and/or Key Agreement
File Signing .exeDigital Signature
E-Mail ProtectionDigital Signature, non-Repudiation, and/or Key Encipherment or Key Agreement
IPSEC Host or RouterDigital Signature, Key Encipherment or Key Agreement
IPSEC TunnelDigital Signature, Key Encipherment or Key Agreement
TimestampingDigital Signature, non-Repudiation

Welcher Typ von Zertifikat setzt welche Key Usage Extensions voraus

ApplicationKey Usage Extensions
SSL Certificate for ClientDigital signature
SSL Certificate for ServerKey encipherment
S/MIME SigningDigital signature
S/MIME EncryptionKey encipherment
Certificate SigningCertificate signing
Object SigningDigital signature

Eigenschaften eines X.509 v3 Zertifikats