Validating xp
10-May-2020 19:04
The alternative is to present the AIA path using HTTP, a more common and Internet-friendly means of distribution.
When using HTTP, ensure that the web servers publishing the AIA path are highly available and scalable enough to handle requests from every client that may need to validate a certificate issued by the CA.
Values for the EKU field are defined in a number of different RFCs.
Out of the box, this provided options to identify the certificate owner in any of the following ways (ref:
This concept is important to note when renewing the key pair on a CA, since this is commonly done at around 50% of the CA's validity period, meaning that certificates will need to access this path after key renewal occurs.