Extended Key Usages can be added and removed in the Extended Key Usages tab in the System Configuration page in the Admin web. Only administrators who are granted the access rule '/system_functionality/edit_available_extended_key_usages' are allowed to add and remove extended key usages.

Every extended key usage consists of an Object Identifier (OID) and a label to be displayed in the Edit Certificate Profile page. After an extended key usage has been added, it is possible to select it for a certificate profile in the Edit Certificate Profile page.

There are no restrictions on how many extended key usages can be added other than database-related limitations.

Removing an Extended Key Usage

When removing an extended key usage from the list of available usages in the Extended Key Usages tab in the System Configuration page, if that usage is actually in use in a certificate profile, it is not automatically removed from that certificate profile and has to be removed manually by unselecting it from the list of Extended Key Usage in the Edit Certificate Profile page. If not unselected in the certificate profile, the removed extension will still be a part of any certificate issued after the removal but will only be displayed as an OID in the Edit Certificate Profile page.

Also when removing an extended key usage that is in use, a warning message will be displayed listing the certificate profiles that are still using it.