Understanding Key Usage and Extended Key Usage in SSL Certificates
Key Usage and Extended Key Usage extensions define what a certificate's key can be used for. Learn to read them and understand why they matter.
Two of the most important extensions in an X.509 certificate are Key Usage (KU) and Extended Key Usage (EKU). Together they define what the certificate's key is permitted to do — and what it's not.
Key Usage
The Key Usage extension is a bitmask of low-level cryptographic operations the key can perform. Common values include:
- digitalSignature — the key can be used to sign data (required for TLS authentication)
- keyEncipherment — the key can encrypt other keys (used in RSA key exchange)
- keyCertSign — the key can sign certificates (only set on CA certificates)
- cRLSign — the key can sign Certificate Revocation Lists
- keyAgreement — the key can be used in a key agreement protocol (set on EC keys)
If the Key Usage extension is marked critical, any application that doesn't understand it must reject the certificate. Most TLS implementations enforce Key Usage for their operations.
Extended Key Usage
Extended Key Usage adds higher-level purpose constraints via OIDs. The most common values in TLS certificates:
- serverAuth (1.3.6.1.5.5.7.3.1) — TLS web server authentication
- clientAuth (1.3.6.1.5.5.7.3.2) — TLS client authentication
- codeSigning (1.3.6.1.5.5.7.3.3) — software code signing
- emailProtection (1.3.6.1.5.5.7.3.4) — S/MIME email
- OCSPSigning (1.3.6.1.5.5.7.3.9) — signing OCSP responses
A standard HTTPS server certificate should have at minimum serverAuth in EKU. Client certificates need clientAuth. If serverAuth is absent, some TLS implementations will reject the certificate even if everything else checks out.
CA Certificates vs End-Entity Certificates
CA certificates (intermediate and root) have keyCertSign in Key Usage and CA:TRUE in Basic Constraints. End-entity certificates have CA:FALSE and don't have keyCertSign. Browsers enforce this separation: a chain that passes through a certificate lacking CA:TRUE and keyCertSign fails validation, so a leaf certificate can't be used to sign other certificates even if a malicious actor tried to misuse it.
Reading These Extensions
The SSL Certificate Decoder shows Key Usage and Extended Key Usage in the Extensions section for any certificate you decode. You'll also see whether the extensions are marked critical.
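As an added example (not the decoder's own code), here is a small pure-Python reader for the raw DER value of both extensions, followed by the checks this article gives for an HTTPS server certificate. The byte strings are constructed samples, not taken from a real certificate.

```python
# RFC 5280 KeyUsage bit names (bit 0 = most significant bit of the first content byte) and the EKU OIDs named above.
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
                  "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"]
EKU_NAMES = {"1.3.6.1.5.5.7.3.1": "serverAuth", "1.3.6.1.5.5.7.3.2": "clientAuth",
             "1.3.6.1.5.5.7.3.3": "codeSigning", "1.3.6.1.5.5.7.3.4": "emailProtection",
             "1.3.6.1.5.5.7.3.9": "OCSPSigning"}

def _tlv(der: bytes, pos: int = 0):
    """Read one short-form DER TLV (length < 128 suffices for these extensions); return (tag, value, next_pos)."""
    tag, length = der[pos], der[pos + 1]
    assert not length & 0x80, "long-form DER length not handled in this example"
    return tag, der[pos + 2:pos + 2 + length], pos + 2 + length

def decode_key_usage(der: bytes) -> set[str]:
    """KeyUsage is a BIT STRING: the first content byte counts unused trailing bits, the rest are the flags."""
    tag, value, _ = _tlv(der)
    assert tag == 0x03, "KeyUsage must be a BIT STRING"
    nbits = min((len(value) - 1) * 8 - value[0], len(KEY_USAGE_BITS))
    return {KEY_USAGE_BITS[i] for i in range(nbits) if value[1 + i // 8] & (0x80 >> (i % 8))}

def decode_oid(value: bytes) -> str:
    """OID content: the first byte packs arcs 1 and 2 as 40*a+b; later arcs are base-128 with a continuation bit."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def decode_eku(der: bytes) -> list[str]:
    """ExtendedKeyUsage is a SEQUENCE of OBJECT IDENTIFIERs; OIDs not in EKU_NAMES are returned in dotted form."""
    tag, seq, _ = _tlv(der)
    assert tag == 0x30, "ExtendedKeyUsage must be a SEQUENCE"
    names, pos = [], 0
    while pos < len(seq):
        tag, value, pos = _tlv(seq, pos)
        assert tag == 0x06, "EKU entries must be OIDs"
        names.append(EKU_NAMES.get(decode_oid(value), decode_oid(value)))
    return names

def check_https_leaf(ku: set[str], eku: list[str]) -> list[str]:
    """Apply the article's rules for an HTTPS server certificate; an empty list means it passes."""
    rules = {"missing digitalSignature": "digitalSignature" not in ku,
             "missing serverAuth EKU": "serverAuth" not in eku,
             "keyCertSign set on a leaf certificate": "keyCertSign" in ku}
    return [msg for msg, failed in rules.items() if failed]

LEAF_KU = bytes.fromhex("030205a0")                                              # constructed: digitalSignature, keyEncipherment
LEAF_EKU = bytes.fromhex("3014" "06082b06010505070301" "06082b06010505070302")  # constructed: serverAuth, clientAuth
CA_KU = bytes.fromhex("03020106")                                                # constructed CA: keyCertSign, cRLSign
```

Running `check_https_leaf(decode_key_usage(CA_KU), [])` reports all three problems, which is exactly why a CA certificate installed as a server certificate is rejected by TLS clients.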
Decode any SSL certificate instantly
Paste any PEM certificate into the free decoder — see subject, issuer, SANs, fingerprints, validity dates, and all X.509 extensions explained in plain English.
Open the Decoder