Reference documentation and code samples for the Certificate Authority v1 API enum CertificateExtensionConstraints.Types.KnownCertificateExtension.
Describes well-known X.509 extensions that can appear in a
[Certificate][google.cloud.security.privateca.v1.Certificate], not
including the
[SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames]
extension.
Refers to OCSP servers in a certificate's Authority Information Access
extension, as described in
RFC 5280
section 4.2.2.1,
This corresponds to the
[X509Parameters.aia_ocsp_servers][google.cloud.security.privateca.v1.X509Parameters.aia_ocsp_servers]
field.
BaseKeyUsage
Refers to a certificate's Key Usage extension, as described in RFC 5280
section 4.2.1.3.
This corresponds to the
[KeyUsage.base_key_usage][google.cloud.security.privateca.v1.KeyUsage.base_key_usage]
field.
CaOptions
Refers to a certificate's Basic Constraints extension, as described in
RFC 5280
section 4.2.1.9.
This corresponds to the
[X509Parameters.ca_options][google.cloud.security.privateca.v1.X509Parameters.ca_options]
field.
ExtendedKeyUsage
Refers to a certificate's Extended Key Usage extension, as described in
RFC 5280
section 4.2.1.12.
This corresponds to the
[KeyUsage.extended_key_usage][google.cloud.security.privateca.v1.KeyUsage.extended_key_usage]
message.
Refers to a certificate's Policy object identifiers, as described in
RFC 5280
section 4.2.1.4.
This corresponds to the
[X509Parameters.policy_ids][google.cloud.security.privateca.v1.X509Parameters.policy_ids]
field.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThis page provides documentation for the \u003ccode\u003eCertificateExtensionConstraints.Types.KnownCertificateExtension\u003c/code\u003e enum within the Google Cloud Security Private CA v1 API, detailing its use in X.509 certificate extensions.\u003c/p\u003e\n"],["\u003cp\u003eThe latest version of the API documented is 3.9.0, and the page you are on is specifically referencing the 3.7.0 version.\u003c/p\u003e\n"],["\u003cp\u003eThis enum is used to describe well-known X.509 extensions that may appear in a \u003ccode\u003eCertificate\u003c/code\u003e, excluding the \u003ccode\u003eSubjectAltNames\u003c/code\u003e extension.\u003c/p\u003e\n"],["\u003cp\u003eThe documentation lists several fields within the \u003ccode\u003eKnownCertificateExtension\u003c/code\u003e enum, including \u003ccode\u003eAiaOcspServers\u003c/code\u003e, \u003ccode\u003eBaseKeyUsage\u003c/code\u003e, \u003ccode\u003eCaOptions\u003c/code\u003e, \u003ccode\u003eExtendedKeyUsage\u003c/code\u003e, \u003ccode\u003eNameConstraints\u003c/code\u003e, \u003ccode\u003ePolicyIds\u003c/code\u003e, and \u003ccode\u003eUnspecified\u003c/code\u003e, each with descriptions and references to relevant RFC sections.\u003c/p\u003e\n"],["\u003cp\u003eMultiple versions of the documentation for this enum are available, spanning from version 1.0.0 to 3.9.0, each having a specific link to the document.\u003c/p\u003e\n"]]],[],null,[]]
