X509 Certificate Purpose Setting

I would like to ask when is the purpose of a certificate, like Server Authentication, Client Authentication, set for the certificate.

Is it when we generate the CSR or when it is signed by the CA?

Solution

The CSR is a Certificate Signing Request. If it is a PKCS#10 request (by far the most common type) it can indicate which extensions are requested and that can include the Extended Key Usage (aka purpose). But the CA ultimately decides what to include when it creates and signs the cert. It could choose not to issue a cert. It could issue a cert with a subset of the requested attributes. It could issue a cert that is completely different. It could issue a cert that is exactly what the CSR requested.

How to setup proper SSL between 2 Scala/Akka web services?
problems with Crypt::SSLeay and using HTTPS request?
Why does Google Calendar.Events.Watch say my request is not HTTPS
Will browser pull from cache if the same resource is being requested by a different origin?
How to I deploy nextjs application in a production environment, using ssl?
Nginx configuration issue with https on windows
SSL Certificate add failed, Error: 183 Cannot create a file when that file already exists - How to bound certificate to ipport?
How do I launch nextjs app with https in production?
Microsoft-Windows-WinINet-Capture equivalent to capture HTTPS traffic and see content in plaintext
How to force Laravel Project to use HTTPS for all routes?
Using Keycloak behind a reverse proxy: Could not open Admin loginpage because mixed Content
Converting a Java Keystore into PEM Format
How do I disable the security certificate check in Python requests
How do I switch Docker containers with .NET Blazor applications from HTTP to HTTPS?
"Unknown SSL protocol error" when connecting to HTTPS site
Mule HTTPS POST request not working when deployed to Cloudhub
meta tags not showing up in fb-messenger&discord ect... -> when using https
nodejs: listen EACCES: permission denied 0.0.0.0:80
javax.net.ssl.SSLException: Certificate for <> doesn't match any of the subject alternative names: []
how to monitor the network on node.js similar to chrome/firefox developer tools?
Django redirecting http -> https
GitHub authentication failing over https, returning wrong email address
Problem with loading jpg images in NextJS with NGINX over HTTPS
POST call using https.request returns 408
Your connection is not private NET::ERR_CERT_COMMON_NAME_INVALID
UEFI Application: Unable to fetch the body of Http GET request
How do I generate the correct TOTP with Node with correct Headers and SHA512 hashed Token?
SSL handshake failure in Java Agent (in HCL Notes 14)
Debugging HTTP traffic originating from npm install using Fiddler
Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?