The X.509 Certificate Generator is a multipurpose certificate utility. It can be used to generate X.509 certificates on Smart Cards or PFX files, preview certificates or change key usage extensions.
X.509 Certificate Generator can be used to issue certificate signed by a Root Certificate or to sign Certificate Signing Request (CSR) generated by your web server.
Certificates provide the foundation of a public key infrastructure (PKI). These are electronic credentials, issued by a certification authority (CA), that are associated with a public and private key pair.
In an X.509 version 3 digital certificate, the following important certificate extensions can exist:
Key Usage. A CA, user, computer, network device, or service can have more than one certificate. The Key Usage extension defines the security services for which a certificate can be used. The options can be used in any combination and can include the following:
– Digital Signature. The public key can be used to verify signatures. This key is also used for client authentication and data-origin validation.
– Non-Repudiation. The public key can be used to validate the signer’s identity, preventing a signer from denying that he/she signed a package.
– Data Encipherment. The public key can be used to directly encrypt data, rather than exchanging a symmetric key for data encryption.
Enhanced Key Usage. This extension indicates how a certificate’s public key can be used. The Enhanced Key Usage extension provides additional information beyond the general purposes defined in the Key Usage extension. For example, OIDs exist for Client Authentication (220.127.116.11.18.104.22.168.2), Server Authentication (22.214.171.124.126.96.36.199.1), and Secure E-mail (188.8.131.52.184.108.40.206.4). When a certificate is presented to an application, an application can require the presence of an Enhanced Key Usage OID specific to that application.
X.509 Certificate Generator 官方网站：http://www.signfiles.com/x509-certificate-generator/