With this item you specify additional designated purposes for the key usage. The extended key usage consists of a comma-separated list of key usages. These indicate the purposes for which the certificate's public key may be used.
The purposes are entered either as their abbreviations or the dot-separated form of the OIDs. Although any OID can be used, only a few of them are meaningful (see below). Specifically the following PKIX, NS and MS values are significant and can be entered in any combination:
| Value | Meaning |
|---|---|
| serverAuth | SSL/TLS Web server authentication |
| clientAuth | SSL/TLS Web client authentication |
| codeSigning | Code signing |
| emailProtection | E-mail protection (S/MIME) |
| timeStamping | Trusted time stamping |
| msCodeInd | Microsoft personal code signing (Authenticode) |
| msCodeCom | Microsoft commercial code signing (Authenticode) |
| msCTLSign | Microsoft trust list signing |
| msSGC | Microsoft server gated crypto |
| msEFS | Microsoft encrypted file system |
| nsSGC | Netscape server gated crypto |
| critical | By setting this restriction, the key usage extension must always be observed. If the extension is not supported, the certificate is rejected as invalid. |
| Device | OID |
|---|---|
| WLC | 1.3.6.1.5.5.7.3.18 |
| Managed AP | 1.3.6.1.5.5.7.3.19 |
Sample input: critical,clientAuth,1.3.6.1.5.5.7.3.19
- SNMP ID:
- 2.39.2.13.4
- Console path:
- Setup > Certificates > SCEP-CA > Sub-CA
- Possible values:
Comma separated list of the abbreviations and/or OIDs listed above. Max. 100 characters from #[A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_. `
- Default:
- empty
