Certificate extensions offer more information about the certificate by extending the original X.509 certificate standard information with additional identification information or information about the cryptographic capabilities and restrictions in usage of the certificate. Only V3 certificates can have extensions.
When selecting an Extensions entry alias in the KeyStore window, the certificate extensions details are displayed at the bottom of the window. The extensions details panel can also be obtained by clicking on the "Open" button next to the extensions text field in the certificate panel.
CERTivity allows viewing the extensions contained in a certificate and can display the content of the following extensions:
Authority Information Access;
Authority Key Identifier;
CRL Distribution Points;
Extended Key Usage;
Issuer Alternative Name;
Netscape Cert Type;
Private Key Usage Period;
Subject Alternative Name;
Subject Information Access;
Subject Key Identifier;
Inhibit Any Policy;
Subject Directory Attributes.
A screenshot for certificate extensions can be seen below:
The extensions that exist in a certificate are displayed in a list (left side of bottom panel) using their name and their Object Identifier (OID). For the ones which are not recognized, only the OID will be displayed.
Also, extensions which are marked as critical can be identified by the symbol "[C]" at the end of the name.
The value of each extension is displayed in the right side of the bottom panel when selecting it from the list. The content is displayed in a text format, having indentation where needed (when some fields have other sub fields) for a better representation and to be easy to read.
CERTivity allows displaying the ASN.1 representation for each extension (even for those which are not yet recognized). To see the ASN.1 representation click on the button "ASN.1" from the bottom right corner of the extensions panel. A new dialog will open displaying the ASN. 1 content.
This dialog can be seen in the screenshot below:
When clicking the "ASN.1" button, the dialog will display the ASN.1 content of the selected extension from the extensions list (in the left of the extensions panel).