What does it mean if a certificate extension attribute is marked as critical?


    B.3. Standard X.509 v3 Certificate Extension Reference

    An X.509 v3 certificate contains an extension field that permits any number of additional fields to be added to the certificate. Certificate extensions provide a way of adding information such as alternative subject names and usage restrictions to certificates. Older Netscape servers, such as Red Hat Directory Server and Red Hat Certificate System, that were developed before PKIX part 1 standards were defined require Netscape-specific extensions.

    The following is an example of the section of a certificate containing X.509 v3 extensions. The Certificate System can display certificates in readable pretty-print format, as shown here. As in this example, certificate extensions appear in sequence and only one instance of a particular extension may appear per certificate; for example, a certificate may contain only one subject key identifier extension. Certificates that support these extensions have the version 0x2 (which corresponds to version 3).

    Example B.4. Sample Pretty-Print Certificate Extensions

    Data:
      Version:  v3
      Serial Number: 0x1
      Signature Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
      Issuer: CN=Certificate Manager,OU=netscape,O=ExampleCorp,L=MV,ST=CA,C=US
      Validity:
        Not Before: Friday, February 21, 2005 12:00:00 AM PST America/Los_Angeles
        Not  After: Monday, February 21, 2007 12:00:00 AM PST America/Los_Angeles
      Subject: CN=Certificate Manager,OU=netscape,O=ExampleCorp,L=MV,ST=CA,C=US
      Subject Public Key Info:
        Algorithm: RSA - 1.2.840.113549.1.1.1
        Public Key:
          Exponent: 65537
          Public Key Modulus: (2048 bits) :
            E4:71:2A:CE:E4:24:DC:C4:AB:DF:A3:2E:80:42:0B:D9:
            CF:90:BE:88:4A:5C:C5:B3:73:BF:49:4D:77:31:8A:88:
            15:A7:56:5F:E4:93:68:83:00:BB:4F:C0:47:03:67:F1:
            30:79:43:08:1C:28:A8:97:70:40:CA:64:FA:9E:42:DF:
            35:3D:0E:75:C6:B9:F2:47:0B:D5:CE:24:DD:0A:F7:84:
            4E:FA:16:29:3B:91:D3:EE:24:E9:AF:F6:A1:49:E1:96:
            70:DE:6F:B2:BE:3A:07:1A:0B:FD:FE:2F:75:FD:F9:FC:
            63:69:36:B6:5B:09:C6:84:92:17:9C:3E:64:C3:C4:C9
      Extensions:
        Identifier: Netscape Certificate Type - 2.16.840.1.113730.1.1
          Critical: no
          Certificate Usage:
            SSL CA
            Secure Email CA
            ObjectSigning CA
        Identifier: Basic Constraints - 2.5.29.19
          Critical: yes
          Is CA: yes
          Path Length Constraint: UNLIMITED
        Identifier: Subject Key Identifier - 2.5.29.14
          Critical: no
          Key Identifier:
            3B:46:83:85:27:BC:F5:9D:8E:63:E3:BE:79:EF:AF:79:
            9C:37:85:84
        Identifier: Authority Key Identifier - 2.5.29.35
          Critical: no
          Key Identifier:
            3B:46:83:85:27:BC:F5:9D:8E:63:E3:BE:79:EF:AF:79:
            9C:37:85:84
        Identifier: Key Usage: - 2.5.29.15
          Critical: yes
          Key Usage:
            Digital Signature
            Key CertSign
            Crl Sign
      Signature:
        Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
        Signature:
          AA:96:65:3D:10:FA:C7:0B:74:38:2D:93:54:32:C0:5B:
          2F:18:93:E9:7C:32:E6:A4:4F:4E:38:93:61:83:3A:6A:
          A2:11:91:C2:D2:A3:48:07:6C:07:54:A8:B8:42:0E:B4:
          E4:AE:42:B4:B5:36:24:46:4F:83:61:64:13:69:03:DF:
          41:88:0B:CB:39:57:8C:6B:9F:52:7E:26:F9:24:5E:E7:
          BC:FB:FD:93:13:AF:24:3A:8F:DB:E3:DC:C9:F9:1F:67:
          A8:BD:0B:95:84:9D:EB:FC:02:95:A0:49:2C:05:D4:B0:
          35:EA:A6:80:30:20:FF:B1:85:C8:4B:74:D9:DC:BB:50

    An object identifier (OID) is a string of numbers identifying a unique object, such as a certificate extension or a company's certificate practice statement. The Certificate System comes with a set of extension-specific profile plug-in modules which enable X.509 certificate extensions to be added to the certificates the server issues. Some of the extensions contain fields for specifying OIDs.

    The PKIX standard recommends that all objects, such as extensions and statements, that are used in certificates be included in the form of an OID. This promotes interoperability between organizations on a shared network. If certificates will be issued that will be used on shared networks, register the OID prefixes with the appropriate registration authority.

    OIDs are controlled by the International Standards Organization (ISO) registration authority. In some cases, this authority is delegated by ISO to regional registration authorities. In the United States, the American National Standards Institute (ANSI) manages this registration.

    Using an OID registered to another organization or failing to register an OID may carry legal consequences, depending on the situation. Registration may be subject to fees. For more information, contact the appropriate registration authority.

    To define or assign OIDs for custom objects, you need to know the company's arc, the OID assigned to the private enterprise. If the company does not have an arc, it needs to obtain one. The site http://www.alvestrand.no/objectid/ has more information on registering and using OIDs.

    For example, the Netscape-defined OID for an extension named Netscape Certificate Comment is 2.16.840.1.113730.1.13. The OID assigned to this extension is hierarchical and includes the former Netscape company arc, 2.16.840.1. The OID definition entry is http://www.alvestrand.no/objectid/2.16.840.1.113730.1.13.html.

    If an OID extension exists in a certificate and is marked critical, the application validating the certificate must be able to interpret the extension, including any optional qualifiers, or it must reject the certificate. Since it is unlikely that all applications will be able to interpret a company's custom extensions embedded in the form of OIDs, the PKIX standard recommends that such an extension always be marked noncritical.

    This section summarizes the extension types defined as part of the Internet X.509 version 3 standard and indicates which types are recommended by the PKIX working group.

    This reference summarizes important information about each certificate extension. For complete details, see both the X.509 v3 standard, available from the ITU, and Internet X.509 Public Key Infrastructure - Certificate and CRL Profile, available as RFC 3280. The descriptions of extensions reference the RFC and section number of the standard draft that discusses the extension; the object identifier (OID) for each extension is also provided.

    Each extension in a certificate can be designated as critical or noncritical. A certificate-using system, such as a web browser, must reject the certificate if it encounters a critical extension it does not recognize; however, a noncritical extension can be ignored if it is not recognized.

    B.3.1. authorityInfoAccess

    The Authority Information Access extension indicates how and where to access information about the issuer of the certificate. The extension contains an accessMethod and an accessLocation field. accessMethod specifies by OID the type and format of information about the issuer named in accessLocation.

    PKIX Part 1 defines one accessMethod (id-ad-caIssuers) to get a list of CAs that have issued certificates higher in the CA chain than the issuer of the certificate using the extension. The accessLocation field then typically contains a URL indicating the location and protocol (LDAP, HTTP, or FTP) used to retrieve the list.

    The Online Certificate Status Protocol (RFC 2560) defines an accessMethod (id-ad-ocsp) for using OCSP to verify certificates. The accessLocation field then contains a URL indicating the location and protocol used to access an OCSP responder that can validate the certificate.

    OID

    1.3.6.1.5.5.7.1.1

    Criticality

    This extension must be noncritical.
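The criticality rule stated earlier (reject an unrecognized critical extension, ignore an unrecognized non-critical one), the one-instance-per-extension rule from the introduction, and the accessMethod/accessLocation layout of the Authority Information Access extension, as an added example that is not code from the Red Hat Certificate System documentation. It uses only the Python standard library; the DER helpers, the sample extension sequences, the placeholder private OID 1.3.6.1.4.1.99999.1 and the OCSP URL are constructed for this example, while the subject key identifier bytes are the ones printed in Example B.4.

```python
# Added example, not code from the Red Hat Certificate System documentation: a minimal
# DER walker for the X.509 v3 Extensions sequence that applies the RFC 3280 section 4.2
# criticality rule, rejects duplicate extension OIDs, and decodes AIA values. Stdlib only.

def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                                 # long definite length form
        n, pos = length & 0x7F, pos + (length & 0x7F)
        length = int.from_bytes(buf[pos - n:pos], "big")
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(content):
    """OBJECT IDENTIFIER content octets -> dotted text."""
    subids, acc = [], 0
    for b in content:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(acc)
            acc = 0
    h = subids[0]                                      # first two arcs are packed as 40*x+y
    return ".".join(map(str, [min(h // 40, 2), h - 40 * min(h // 40, 2)] + subids[1:]))

def _tlv(tag, content):
    """DER-encode one tag-length-value; the long length form is used above 127 bytes."""
    if len(content) < 0x80:
        return bytes([tag, len(content)]) + content
    lb = len(content).to_bytes((len(content).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def _encode_oid(dotted):
    """Dotted OID -> DER OBJECT IDENTIFIER (base-128 sub-identifiers, first two arcs packed)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for s in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [s & 0x7F]
        while (s := s >> 7):                           # continuation bit on all but the last octet
            chunk.append(0x80 | (s & 0x7F))
        out += bytes(reversed(chunk))
    return _tlv(0x06, bytes(out))

def encode_extension(oid, critical, value):
    """Extension ::= SEQUENCE { extnID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING };
    DER omits the critical BOOLEAN entirely when it has its default value FALSE."""
    return _tlv(0x30, _encode_oid(oid) + (b"\x01\x01\xff" if critical else b"") + _tlv(0x04, value))

def parse_extensions(der):
    """Extensions ::= SEQUENCE OF Extension -> list of (oid, critical, extnValue bytes)."""
    _, seq, _ = _read_tlv(der, 0)
    pos, exts = 0, []
    while pos < len(seq):
        _, ext, pos = _read_tlv(seq, pos)
        _, oid, p = _read_tlv(ext, 0)
        t, v, p = _read_tlv(ext, p)
        critical = False
        if t == 0x01:                                  # explicit critical BOOLEAN is present
            critical = v != b"\x00"                    # DER needs 0xFF for TRUE; BER allows any non-zero
            t, v, p = _read_tlv(ext, p)
        exts.append((_decode_oid(oid), critical, v))
    return exts

ID_AD_OCSP = "1.3.6.1.5.5.7.48.1"                      # accessMethod defined by RFC 2560
def decode_aia(value):
    """AuthorityInfoAccess ::= SEQUENCE OF { accessMethod OID, accessLocation GeneralName };
    returns [(method_oid, uri)], decoding only the uniformResourceIdentifier [6] choice."""
    _, seq, _ = _read_tlv(value, 0)
    pos, out = 0, []
    while pos < len(seq):
        _, ad, pos = _read_tlv(seq, pos)
        _, oid, p = _read_tlv(ad, 0)
        tag, loc, _ = _read_tlv(ad, p)
        out.append((_decode_oid(oid), loc.decode("ascii") if tag == 0x86 else None))
    return out

# Basic Constraints, Key Usage, Subject Key Identifier, Authority Key Identifier, AIA, Netscape Cert Type
KNOWN = {"2.5.29.19", "2.5.29.15", "2.5.29.14", "2.5.29.35", "1.3.6.1.5.5.7.1.1", "2.16.840.1.113730.1.1"}

def check_extensions(exts, known=KNOWN):
    """Reject an unrecognized critical extension or a duplicate OID; ignore an unrecognized
    non-critical one. Returns (accepted, problems, ignored_oids)."""
    seen, problems, ignored = set(), [], []
    for oid, critical, _ in exts:
        if oid in seen:
            problems.append("duplicate extension " + oid)
        seen.add(oid)
        if oid not in known and critical:
            problems.append("unrecognized critical extension " + oid)
        elif oid not in known:
            ignored.append(oid)
    return not problems, problems, ignored

# Constructed samples: key identifier bytes from Example B.4; placeholder private OID; fictitious URL.
SKI, PRIVATE_OID = bytes.fromhex("3B46838527BCF59D8E63E3BE79EFAF799C378584"), "1.3.6.1.4.1.99999.1"
AIA = _tlv(0x30, _tlv(0x30, _encode_oid(ID_AD_OCSP) + _tlv(0x86, b"http://ocsp.example.test/")))
BASE = [encode_extension("2.5.29.19", True, b"\x30\x03\x01\x01\xff"),         # cA TRUE, no path limit
        encode_extension("2.5.29.14", False, _tlv(0x04, SKI)),
        encode_extension("1.3.6.1.5.5.7.1.1", False, AIA)]
GOOD = _tlv(0x30, b"".join(BASE + [encode_extension(PRIVATE_OID, False, b"\x0c\x02ok")]))
BAD_CRITICAL = _tlv(0x30, b"".join(BASE + [encode_extension(PRIVATE_OID, True, b"\x0c\x02ok")]))
BAD_DUPLICATE = _tlv(0x30, b"".join(BASE + [BASE[1]]))                         # two SKI extensions
```

GOOD passes because its only unknown extension is non-critical; BAD_CRITICAL fails because the same private OID is marked critical, which is exactly the situation the PKIX recommendation to keep custom OID extensions noncritical avoids; BAD_DUPLICATE fails the one-instance rule even though every OID in it is recognized. BAD_DUPLICATE is also long enough to exercise the long-form DER length that real extension sequences routinely use.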

    B.3.2. authorityKeyIdentifier

    The Authority Key Identifier extension identifies the public key corresponding to the private key used to sign a certificate. This extension is useful when an issuer has multiple signing keys, such as when a CA certificate is renewed.

    The extension consists of one or both of the following:

    • An explicit key identifier, set in the keyIdentifier field

    • An issuer, set in the authorityCertIssuer field, and serial number, set in the authorityCertSerialNumber field, identifying a certificate

    If the keyIdentifier field exists, it is used to select the certificate with a matching subjectKeyIdentifier extension. If the authorityCertIssuer and authorityCertSerialNumber fields are present, then they are used to identify the correct certificate by issuer and serialNumber.

    If this extension is not present, then the issuer name alone is used to identify the issuer certificate.

    PKIX Part 1 requires this extension for all CA certificates and recommends it for all other certificates.
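The issuer-selection rules this extension enables, as an added example that is not from the documentation: a keyIdentifier is matched against the issuer's Subject Key Identifier, an authorityCertIssuer plus authorityCertSerialNumber pair is matched against an issuer name and serial number, and without the extension only the issuer name is available, which is ambiguous once a CA has been renewed with a new key. The certificates are constructed dictionaries standing in for parsed certificates, the public key bytes are placeholders (the SHA-1 method from RFC 3280 section 4.2.1.2 is applied to them as it would be to a real subjectPublicKey value), and the CA name is the one from Example B.4.

```python
# Added example, not from the Red Hat Certificate System documentation: how the
# Authority Key Identifier extension selects the right issuer certificate (RFC 3280 4.2.1.1).
import hashlib

def key_identifier(subject_public_key):
    """RFC 3280 4.2.1.2 method (1): SHA-1 over the subjectPublicKey BIT STRING value.
    The inputs used below are constructed stand-ins, not real DER-encoded RSA keys."""
    return hashlib.sha1(subject_public_key).digest()

CA_NAME = "CN=Certificate Manager,OU=netscape,O=ExampleCorp,L=MV,ST=CA,C=US"

def make_self_signed_ca(serial, public_key):
    """A self-signed CA certificate reduced to the fields issuer selection needs."""
    return {"subject": CA_NAME, "issuer": CA_NAME, "serial": serial,
            "ski": key_identifier(public_key)}

# A renewed CA: two certificates carry the same name but different keys (constructed).
OLD_CA = make_self_signed_ca(0x1, b"constructed-old-ca-public-key")
NEW_CA = make_self_signed_ca(0x2, b"constructed-new-ca-public-key")
STORE = [OLD_CA, NEW_CA]

def select_issuer(issuer_name, aki, store):
    """Return the candidate issuer certificates for a certificate whose Issuer is
    issuer_name and whose AKI (a dict of the extension's fields, or None) is aki:
      keyIdentifier                         -> the certificate whose SKI equals it
      authorityCertIssuer + ...SerialNumber -> the certificate with that issuer and serial
      no AKI                                -> issuer name only (several if the CA was renewed)"""
    by_name = [c for c in store if c["subject"] == issuer_name]
    if aki and "keyIdentifier" in aki:
        return [c for c in by_name if c["ski"] == aki["keyIdentifier"]]
    if aki and "authorityCertIssuer" in aki and "authorityCertSerialNumber" in aki:
        return [c for c in by_name if c["issuer"] == aki["authorityCertIssuer"]
                and c["serial"] == aki["authorityCertSerialNumber"]]
    return by_name
```

With no AKI the name-only lookup returns both CA certificates and a path builder would have to try each signature; with a keyIdentifier the lookup is unambiguous, and a keyIdentifier that matches no stored SKI yields an empty list rather than a guess, which is the behaviour a validator wants when an issuer certificate is missing.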

    What is certificate critical extension?

    The "critical" flag is for extensions which are not standard: you make such an extension critical if it is important for security (implementations which do not understand the extension should reject the certificate), or non-critical otherwise (implementations which do not understand the extension can then safely ignore ...

    What are extensions in certificates?

    Certificate extensions are information fields that provide additional information about the certificate. Certificate extensions provide a means of expanding the original X.509 certificate information standards.

    What is extended key usage in certificate?

    Key usage extensions define the purpose of the public key contained in a certificate. You can use them to restrict the public key to as few or as many operations as needed. For example, if you have a key used only for signing or verifying a signature, enable the digital signature and/or non-repudiation extensions.

    What is x509v3 subject key identifier?

    The authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate. In the above certificate, authority key identifier (AKI) is selected.