Next: Algorithm object identifiers
Up: Certificate Profile
Previous: Version number(s)
Contents
The following extensions will be set appropriately in entity certificates:
- basicConstraints
- (critical) Not a CA.
- keyUsage
- digitalSignature, nonRepudiation, keyEncypherment,
dataEncypherment.
- subjectKeyIdentifier
- hash
- authorityKeyIdentifier
- keyid, issuer:always
- subjectAltName
- e-mail address, when requested by subscriber
- cRLDistributionPoints
- URI
- nsCaPolicyURL
- URL
- certificatePolicies
- OID 1.3.6.1.4.1.10434.4.2.1.2.0
- nsComment
- a descriptive string with reference to the CP/CPS
- nsCertType
- server, client, email
David Groep
2001-10-12