|Applies To||Keon Certificate Authority|
RSA Certificate Manager
|Issue||What is the difference between a critical and non-critical extension?|
Not sure if Critical or non-critical should be selected when issuing a certificate
|Resolution||Certificate extensions are used by the user of a certificate. For example, with a web server SSL certificate, the user of the certificate is the browser accessing the SSL web site, so Internet Explorer, Firefox, Opera, etc.|
According to the X.509 standard, the user of a certificate should reject the certificate if an extension is flagged as critical and is not recognized. If the extension is flagged as non-critical and is aslo not recognized, the application may decide to accept the certificate anyway.
As an example, most browsers will recognize major extensions like KeyUsage, so it is a good practice to leave this extension as critical.
|Legacy Article ID||a38418|