What is the difference between a critical and non-critical extension?
Originally Published: 2008-01-17
Article Number
Applies To
RSA Certificate Manager
Issue
Not sure if Critical or non-critical should be selected when issuing a certificate
Resolution
According to the X.509 standard, the user of a certificate should reject the certificate if an extension is flagged as critical and is not recognized. If the extension is flagged as non-critical and is aslo not recognized, the application may decide to accept the certificate anyway.
As an example, most browsers will recognize major extensions like KeyUsage, so it is a good practice to leave this extension as critical.
Related Articles
'Critical Error' with software Token for Windows Number of Views Error message "[crit] wtd51 Unable to create thread due to limit on number of processes" in RSA Web Threat Detection Number of Views 1 Virtual Disk(s) Degraded error or 1 Virtual Disk(s) is in Critical State error displays when RSA SecurID A250 Hardware A… Number of Views What is the meaning of yellow flags in Microsoft Internet Explorer's icons for critical extensions? Number of Views What is the difference between RSA ACE/Agent 5.x for UNIX and a Communications Server? Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
