Unit
ScCertificateExts
Description
The TScCertExtendedKeyUsageExtension class represents the extended key usage extension that is a collection of object identifiers (OIDs) that indicate the applications that use the key.
The extended key usage extension indicates the purposes for which the certified public key may be used. These purposes may be in addition to or in place of the basic purposes indicated in Certificate Key Usage extension.
The extended key usage must include Online Certificate Status Protocol (OCSP) signing in an OCSP responder's certificate. The exception is that the CA signing key that signed the certificates validated by the responder is also the OCSP signing key. The OCSP responder's certificate must be issued directly by the CA that signs certificates the responder will validate.
The Certificate Key Usage, Certificate Extended Key Usage, and Certificate Basic Constraints extensions act together to define the purposes for which the certificate is intended to be used. Applications can use these extensions to disallow the use of a certificate in inappropriate contexts.
This extension is specified in RFC 5280 section 4.2.1.12.
See Also