SSL Certificate Purpose flag “Any Purpose”


Most certificates are issued with a set of purposes that limit how the certificate may be used. If you are planning to use an SSL certificate for encryption, you need to check your certificate's purposes extension.

Imagine that you are planning to create a web service that uses SSL/TLS client authentication. This would be very helpful to avoid attacks from outside. At this step, you should create two types of certificates with different extensions, such as Server and Client authentication.

Client — Server Authentication

I added a basic script to check the certificate purposes extension with the OpenSSL command.


I strongly advise using OpenSSL to manage and create SSL certificates. It is easy to use and is a well-documented open-source project.

Basically, I described how to change an SSL certificate's purpose extension from “any purpose” to “client authentication”. You can follow these steps to create a certificate that will be used only for client authentication.

Step 1: Configure openssl.cnf file

Step 2: Use openssl.cnf file to create client certificate
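
The two steps above, worked end to end as an added example (this is not the author's original script or configuration): a config file with a client-only extension section, a certificate issued from it, and the purpose checks run against the result. The section names `ca_cert` and `client_cert`, the subjects, and the scratch directory are assumptions made for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: throwaway CA + client-only certificate, then purpose checks.
# All names, subjects and paths are constructed for this demonstration.
set -eu
WORK=$(mktemp -d)

# Step 1: one config file holding the request defaults and both extension sections.
cat > "$WORK/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt             = no
x509_extensions    = ca_cert
[ dn ]
CN = Example Test CA
[ ca_cert ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
[ client_cert ]
basicConstraints = critical, CA:FALSE
keyUsage         = critical, digitalSignature
extendedKeyUsage = clientAuth
EOF

# Step 2: self-signed CA, then a CSR signed with the client_cert section.
issue_certs() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/openssl.cnf" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/openssl.cnf" \
    -subj "/CN=example-client" -keyout "$WORK/client.key" \
    -out "$WORK/client.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/client.csr" -days 1 \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/openssl.cnf" -extensions client_cert \
    -out "$WORK/client.pem" 2>/dev/null
}

# Print Yes/No for one named line of `openssl x509 -purpose`.
purpose() {
  openssl x509 -in "$1" -noout -purpose | awk -F' : ' -v p="$2" '$1 == p { print $2 }'
}

# Succeed only if the chain verifies for the given purpose (sslclient, sslserver).
verify_as() {
  openssl verify -purpose "$2" -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1
}

issue_certs
echo "SSL client : $(purpose "$WORK/client.pem" "SSL client")"
echo "SSL server : $(purpose "$WORK/client.pem" "SSL server")"
verify_as "$WORK/client.pem" sslserver && echo "server use accepted" || echo "server use rejected"
```

The `Any Purpose` line in `openssl x509 -purpose` output still reads `Yes` for this certificate, because OpenSSL's check for that purpose does not inspect the extensions. The `SSL client` and `SSL server` lines, and `openssl verify -purpose`, are the results that reflect `extendedKeyUsage`.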




I'm a System Engineer with extensive experience and administration skills, and I work for Interbank Card Center Of Turkey. I provide hardware and software support for the following Unix/Linux and Windows platforms (Oracle Solaris, HP-UX, Linux, IBM-AIX, Windows Servers).