Extendedkeyusageext - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

Table 12-21 CRLDistributionPointsExt Configuration Parameters (Continued)
Parameter Description
Specifies revocation reasons covered by the CRL maintained at the distribution point. Provide
reasons<n>
a comma-separated list of the following constants:
• unused
• keyCompromise
• cACompromise
• affiliationChanged
• superseded
• cessationOfOperation
•
Specifies the name of the issuer that has signed the CRL maintained at distribution point, the
issuerName<n>
name can be in any of the following formats:
•
•
Specifies the general-name type of the CRL issuer that has signed the CRL maintained at
issuerType<n>
distribution point.
Permissible values: DirectoryName or URI. The value you specify for this parameter must
correspond to the value in the issuerName field.
•
•

ExtendedKeyUsageExt

The
ExtendedKeyUsageExt
Extension to certificates. The extension identifies one or more purposes—in addition to or
in place of the basic purposes indicated in the key usage extension—for which the certified
public key may be used. For example, if the key usage extension identifies a key to be used
for signing, the extended key usage extension can further narrow down the usage of the key
for signing OCSP responses only or for signing Java applets only. (For information on key
usage extension, see "KeyUsageExt" on page 513.)
For general information about this extension, see "extKeyUsage" on page 734.
certificateHold
An X.500 directory name in the RFC 2253 syntax. For example:
CN=CA Central, OU=Research Dept, O=Example Corporation, C=US
A URI; for example, it would look similar to this:
http://testCA.example.com:80
Select DirectoryName if the value in the issuerName field is an X.500 directory
name (default).
Select URI if the value in the issuerName field is a uniform resource indicator.
plug-in module enables you to add the Extended Key Usage
Extension-Specific Policy Module Reference
Chapter 12 Policies 503