The following fields are attributes that may be included in the SSL certificate details.
Note: with changing PKI standards, these attributes may change at any time without notice to comply with CAB Forum requirements.
Valid From and Valid To
Subject Alternative Name (SAN)
Subject Key Identifier (SKI)
CRL Distribution Points
Extended Key Usage (EKU)
Authority Key Identifier (AKI)
Authority Info Access
Key Usage:
The Key Usage extension defines what a particular certificate may be used for (assuming the application can parse this extension). The following key usage values are included in an SSL certificate:
Digital Signature: (Taken from http://www.ietf.org/rfc/rfc3280.txt) The digitalSignature bit is asserted when the subject public key is used with a digital signature mechanism to support security services other than certificate signing (bit 5), or CRL signing (bit 6). Digital signature mechanisms are often used for entity authentication and data origin authentication with integrity.
Key Encipherment: (Taken from http://www.ietf.org/rfc/rfc3280.txt) The keyEncipherment bit is asserted when the subject public key is used for key transport. An example of Key Encipherment is the SSL handshake, where the two applications use asymmetric encryption to protect the exchange of the secret key that is ultimately used for the session.
CRL Distribution Points:
The CRL Distribution Points extension provides the location of the corresponding Certificate Revocation List (CRL) for the SSL certificate.
Certificate Policies:
The Certificate Policies extension defines the legal rules associated with a particular certificate’s usage. For Symantec SSL certificates, a link to the Symantec Relying Party Agreements is provided: https://www.symantec.com/about/legal/repository.jsp#rpa-ts
Extended Key Usage (EKU):
This extension indicates one or more purposes for which the certified public key may be used, in addition to or in place of the basic purposes already indicated in the key usage extension. Symantec SSL Certificates include the following extensions:
Server Authentication: (Taken from http://www.ietf.org/rfc/rfc3280.txt) TLS WWW server authentication. Key usage bits that may be consistent: digitalSignature, keyEncipherment or keyAgreement
Client Authentication: (Taken from http://www.ietf.org/rfc/rfc3280.txt) TLS WWW client authentication. Key usage bits that may be consistent: digitalSignature and/or keyAgreement
Symantec Secure Site Pro (Premium) SSL certificates also have the following extension: 2.16.840.1.113730.4.1 - Netscape Server Gated Crypto (nsSGC)
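The Key Usage and Extended Key Usage descriptions above, shown as an added example that is not part of the original article and is not Symantec's code: it decodes the DER BIT STRING carried in a Key Usage extension and lists any EKU purpose that shares no consistent key usage bit with it. The function names, the EKU_CONSISTENT table layout and the sample hex values are constructed for illustration.

```python
# Added example (not Symantec's code): decode a KeyUsage BIT STRING and compare to EKU.
# Named bits in RFC 3280 order; index = bit number (keyCertSign = 5, cRLSign = 6).
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
                  "encipherOnly", "decipherOnly"]

# Key usage bits the page quotes as consistent with each EKU purpose.
EKU_CONSISTENT = {
    "serverAuth": {"digitalSignature", "keyEncipherment", "keyAgreement"},
    "clientAuth": {"digitalSignature", "keyAgreement"},
}

def decode_key_usage(der: bytes) -> set:
    """Return the names of the bits set in a DER-encoded KeyUsage BIT STRING."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, payload = der[2], der[3:]
    if unused > 7 or (unused and not payload):
        raise ValueError("bad unused-bits count")
    total_bits = len(payload) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        # Bit 0 is the most significant bit of the first content byte.
        if payload[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names

def inconsistent_ekus(key_usage: set, ekus: list) -> list:
    """List the EKU purposes that share no key usage bit with the certificate."""
    return [e for e in ekus if not key_usage & EKU_CONSISTENT[e]]

# Constructed sample values (hex of the extension's inner BIT STRING).
SAMPLES = {
    "typical SSL leaf": "030205a0",    # digitalSignature + keyEncipherment
    "key transport only": "03020520",  # keyEncipherment
    "CA certificate": "03020106",      # keyCertSign + cRLSign
}

if __name__ == "__main__":
    for label, hexval in SAMPLES.items():
        ku = decode_key_usage(bytes.fromhex(hexval))
        bad = inconsistent_ekus(ku, ["serverAuth", "clientAuth"])
        print(f"{label}: {sorted(ku)} inconsistent EKUs: {bad or 'none'}")
```

A certificate whose only key usage is keyEncipherment is consistent with Server Authentication but not with Client Authentication, which is the kind of mismatch this check surfaces.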
Authority Key Identifier (AKI):
The Authority Key Identifier extension provides the key identifier of the Issuing CA certificate that signed the SSL certificate. This AKI value matches the SKI value of the Intermediate CA certificate.
Authority Info Access:
The Authority Info Access extension describes how to access information and services for a CA, such as OCSP validation and CA policy data.
Logotype:
The Logotype extension contains a logotype representing the organization identified as part of the issuer name in the certificate.
This extension indicates the algorithm used to hash the certificate.
This extension provides the actual hash to ensure that the certificate has not been tampered with.
This information has been taken from RFC 3280: http://www.ietf.org/rfc/rfc3280.txt