next up previous contents
Next: Algorithm object identifiers Up: Certificate Profile Previous: Version number(s)   Contents

Certificate extensions

The following extensions will be set appropriately in entity certificates:

basicConstraints
(critical) Not a CA.
keyUsage
digitalSignature, nonRepudiation, keyEncypherment, dataEncypherment.
subjectKeyIdentifier
hash
authorityKeyIdentifier
keyid, issuer:always
subjectAltName
e-mail address, when requested by subscriber
cRLDistributionPoints
URI
nsCaPolicyURL
URL
certificatePolicies
OID 1.3.6.1.4.1.10434.4.2.1.2.2
nsComment
a descriptive string with reference to the CP/CPS
nsCertType
server, client, email (optional)



David Groep 2005-01-07