Most certificates are issued with a set of purpose which allow to limit certificate usage. If you are planning to use an SSL certificate for encryption, you need to check your certificate purposes extension.
Imagine that you are planning to create a web service that use SSL/TLS client authentication. This would be very helpful to avoid attack from outsources. At this step, you should create two type of certificates which should have different extensions like Server and Client authentication.
I added a basic script to check certificate purposes extension with OpenSSL command.
I strongly advice to use OpenSSL to manage and create SSL certificate. It is easy to use and also well documented OpenSource project.
Basically, I described how to change SSL certificates’ purpose extension from “any purpose” to “ client authentication” . You can check these steps to create a certificate that will be used only for client authentication.
Step 1: Configure openssl.cnf file
Step 2: Use openssl.cnf file to create client certificate