If the Key Usage extension is present, then it must include the digitalSignature bit or the nonRepudiation bit. If the Extended Key Usage extension is present, then it must include the email protection OID. In fact, the first condition is "reasonable": RFC 5280 states in section "Key Usage" that

KeyUsage
public KeyUsage(int usage)
Basic constructor.
Parameters: usage - the bitwise OR of the Key Usage flags giving the allowed uses for the key, e.g. (KeyUsage.keyEncipherment | KeyUsage.dataEncipherment)

mbed TLS v2.2.0: X.509 module - GitHub Pages
#define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800: Usage does not match the keyUsage extension. Definition at line 97 of file x509.h.
#define MBEDTLS_X509_BADCERT_MISSING 0x40: Certificate was missing. Definition at line 92 of file x509.h.
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08: The certificate is not correctly signed by the trusted CA.

What is an X.509 Certificate? | Keyfactor
Since 1996, Version 3 of X.509 enables multiple extensions that can be added to a certificate. The extensions provide enhanced information about key usage, certificate policies and constraints, alternative name forms, and more. As mentioned by Gartner, X.509 certificates are critical to establish digital trust in the digital world.

gnutls_x509_crt_get_key_usage - API function - man page
gnutls_x509_crt_t cert: should contain a gnutls_x509_crt_t type
unsigned int * key_usage: where the key usage bits will be stored
unsigned int * critical: will be non-zero if the extension is marked as critical
Description. This function will return certificate's key usage, by reading the keyUsage X.509 …

You can see in the "X509v3 Extended Key Usage" section that the certificate is authorized for "TLS Web Server Authentication". This means that the certificate may be used to identify a web server positively. Other common uses that might be listed here include functioning as a CA (allowing the signing of certificates for other servers) or

RFC 3280 Internet X.509 Public Key Infrastructure April 2002
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
SubjectKeyIdentifier ::= KeyIdentifier
4.2.1.3 Key Usage
The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate. The usage restriction might

C++ OpenSSL Parse X509 Certificate PEM :: zedwood.com
Here is a sample of OpenSSL C code parsing a certificate from a hardcoded string. Included is basically the output you get in bash if you parse a cert with the openssl command line, "openssl x509 -noout -text -in cert.pem"

jsrsasign JavaScript API Reference - X509

gnutls_x509_crt_get_key_usage(3) - Linux manual page
gnutls_x509_crt_t cert: should contain a gnutls_x509_crt_t type
unsigned int * key_usage: where the key usage bits will be stored
unsigned int * critical: will be non-zero if the extension is marked as critical
DESCRIPTION