Certificate extensions

Certificate extensions are information fields that provide additional information about the certificate.

Certificate extensions provide a means of expanding the original X.509 certificate information standards. While information for some extensions is provided to extend identification information for the certificate, other extensions provide information about the cryptographic capabilities of the certificate.

Not all certificates use the extension fields to extend distinguished name and other information. The number and type of extension fields that a certificate uses vary among the Certificate Authority (CA) entities that issue certificates.

For example, the local CA that Digital Certificate Manager (DCM) provides, allows you to use the Subject Alternative Name certificate extensions only. These extensions allow you to associate a certificate with a specific IP address, a fully-qualified domain name, or e-mail address. If you intend to use the certificate to identify an IBM® i Virtual Private Network (VPN) connection endpoint, you must provide information for these extensions.