The X509 Certificate Generator is a multi purpose certificate utility. It can be used to generate X.509 certificates, export certificates in PFX format, preview certificates or change key usage extensions.
Certificates provide the foundation of a public key infrastructure (PKI). These are electronic credentials, issued by a certification authority (CA), that are associated with a public and private key pair.
In an X.509 version 3 certificate, the following important certificate extensions can exist:
Key Usage. A CA, user, computer, network device, or service can have more than one certificate. The Key Usage extension defines the security services for which a certificate can be used. The options can be used in any combination and can include the following:
- Digital Signature. The public key can be used to verify signatures. This key is also used for client authentication and data-origin validation.
- Non-Repudiation. The public key can be used to validate the signer's identity, preventing a signer from denying that he/she signed a package.
- Data Encipherment. The public key can be used to directly encrypt data, rather than exchanging a symmetric key for data encryption.
Enhanced Key Usage. This extension indicates how a certificate's public key can be used. The Enhanced Key Usage extension provides additional information beyond the general purposes defined in the Key Usage extension. For example, OIDs exist for Client Authentication (220.127.116.11.18.104.22.168.2), Server Authentication (22.214.171.124.126.96.36.199.1), and Secure E-mail (188.8.131.52.184.108.40.206.4). When a certificate is presented to an application, an application can require the presence of an Enhanced Key Usage OID specific to that application.