0

Is it possible to manually edit the key usage of a X509v3 certificate ?

$ openssl x509 -in crt.crt -text
...
 X509v3 Key Usage: 
     Digital Signature, Non Repudiation, Key Encipherment
 X509v3 Extended Key Usage: 
     TLS Web Client Authentication, E-mail Protection
...

How can you change this to 

 X509v3 Extended Key Usage:
           TLS Web Server Authentication

?

user1511417
  • 131
  • 3
  • 6
  • 1
    No you cannot change the certificate, but some certificate stores allow to attach different flags/settings to control usage. For example the Microsoft Windows Certificate Console can do that. – eckes Oct 22 '17 at 04:20

1 Answers1

2

No, you can't edit contents of the certificate, because it is digitally signed by CA server. If you modify anything there, you will break the signature and make your certificate unusable. Digital signature provides integrity check to ensure it wasn't modified after signing. If you need different certificate, you have to contact certificate issuer and request required certificate.

Crypt32
  • 6,639
  • 1
  • 15
  • 33