"We Mean Secure E-Business since 1998"

SSL Certificate Details and Extensions

SSL Certificate Details and Extensions

The following fields are attributes that may be included in the SSL Certificate details.

Serial Number
Signature Algorithm
Valid From and Valid To
Public Key
Subject Alternative Name (SAN)
Basic Constraints
Subject Key Identifier (SKI)
Key Usage
CRL Distribution Points
Certificate Policies
Extended Key Usage (EKU)
Authority Key Identifier (AKI)
Authority Info Access
Thumbprint Algorithm

This field describes the version of the encoded certificate.  For SSL certificates, the X.509 version is 3 since certificate extensions are used.

versionSerial Number:
The Serial Number is a positive integer assigned by Symantec to each SSL certificate.  It is unique for each certificate issued by Symantec (i.e., the issuer name and serial number identify a unique certificate).

serial numberSignature Algorithm:
The Signature Algorithm identifies the cryptographic algorithm used by Symantec to sign this certificate. Symantec signs all SSL certificates using the SHA1 Algorithm.signature_algorithm


The Issuer field identifies the entity who has signed and issued the certificate.  For SSL certificates, this would contain the the Distinguished Name (DN) information for the Intermediate CA Certificate.issuer

Valid From and Valid To: 

These fields

indicate the validity period of the SSL certificate.

valid from



This contains the Distinguished Name (DN) information for the certificate.  The fields included in a typical SSL certificate are:

Common Name (CN)
Organization (O)
Organizational Unit (OU)
Locality or City (L)
State or Province (S)
Country Name (C)

For Extended Validation (EV) SSL certificates, these additional fields are also included:

Company Street Address
Postal Code
Business Category
Serial Number (Business Registration Number)
Jurisdiction State
Jurisdiction Locality

subjectPublic Key:
This field is used to identify the algorithm with which the SSL certificate is used. It also contains the byte-array information for the certificate.

public_keySubject Alternative Name (SAN):
The Subject Alternative Name extension allows additional identities to be bound to the subject of the certificate. The DNS name (dNSName) extension is used to add an additional fully qualified domain name to an SSL certificate.


Basic Constraints:

This extension indicates whether a certificate is a Certificate Authority (CA) or not. If the certificate is a CA, then additional information, such as the depth of the hierarchy it can sign, is specified. SSL Certificates are end-entity certificates, not CA certificates.


CRL Distribution Points:

The CRL Distribution Points extension provides the location of the corresponding Certificate Revocation List (CRL) for the SSL certificate.


Certificate Policies:

The Certificate Policies extension defines the legal rules associated with a particular certificate’s usage. For Symantec SSL certificates, a link to the Symantec Relying Party Agreements is provided: https://www.verisign.com/rpa

Certificate_policiesExtended Key Usage (EKU):
This extension indicates one or more purposes for which the certified public key may be used, in addition to or in place of the basic purposes already indicated in the key usage extension. Symantec SSL Certificates include the following extensions:

Server Authentication: (Taken from http://www.ietf.org/rfc/rfc3280.txt) TLS WWW server authentication. Key usage bits that may               be consistent: digitalSignature, keyEncipherment or keyAgreement

Client Authentication: (Taken from http://www.ietf.org/rfc/rfc3280.txt) TLS WWW client authentication. Key usage bits that may                 be  consistent: digitalSignature and/or keyAgreement

Symantec Secure Site Pro (Premium) SSL certificates also have the following extension: 2.16.840.1.113730.4.1 – Netscape Server                           Gated  Crypto (nsSGC).

Extended Key Usage (EKU)

Subject Key Identifier (SKI):

The Subject Key Identifier extension provides a means of identifying certificates that contain a particular public key. This is a hash value of the SSL certificate.


Authority Info Access:

The Authority Info Access extension provides information about how to access information about a CA, such as OCSP validation and CA policy data.

The Logotype extension is a logotype representing the organization identified as part of the issuer name in the certificate.


Key Usage:

The Key Usage extensions define what a particular certificate may be used for (assuming the application can parse this extension). The following extensions are included in an SSL certificate:

Digital Signature: (Taken from http://www.ietf.org/rfc/rfc3280.txt) The digitalSignature bit is asserted when the subject public key is            used with a digital signature mechanism to support security services other than certificate signing (bit 5), or CRL signing (bit 6). Digital           signature mechanisms are often used for entity authentication and data origin authentication with integrity.

Key Encipherment: (Taken from http://www.ietf.org/rfc/rfc3280.txt) The keyEncipherment bit is asserted when the subject public                key is used for key transport. An example of Key Encipherment is the SSL handshake, where the two applications use asymmetric                       encryption to wrap around the exchange of a secret key that is ultimately used for the session.

key_usageThumbprint Algorithm:
This extension indicates the algorithm used to hash the certificate.


This extension provides the actual hash to ensure that the certificate has not been tampered with


Leave a Reply

Your email address will not be published. Required fields are marked *

Solve : *
18 ⁄ 2 =

© 2019 - All rights reserved.