Sample Certificate Extensions - Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual

critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING
}
This means a certificate extension consists of the following:
• The object identifier (OID) for the extension. This identifier uniquely identifies the extension. It also
determines the ASN.1 type of value in the value field and how the value is interpreted. When an
extension appears in a certificate, the OID appears as the extension ID field (extnID) and the
corresponding ASN.1 encoded structure appears as the value of the octet string (extnValue);
examples of this are in Section A.1.2, "Sample Certificate Extensions".
• A flag or boolean field called critical.
The value, which can be either true or false, assigned to this field indicates whether the
extension is critical or noncritical to the certificate.
  • If the extension is critical and the certificate is sent to an application that does not understand the
    extension based on the extension's ID, the application must reject the certificate.
  • If the extension is not critical and the certificate is sent to an application that does not understand
    the extension based on the extension's ID, the application can ignore the extension and accept
    the certificate.
• An octet string containing the DER encoding of the value of the extension.
Typically, the application receiving the certificate checks the extension ID to determine if it can
recognize the ID. If it can, it uses the extension ID to determine the type of value used.
Some of the standard extensions defined in the X.509 v3 standard include the following:
• Authority Key Identifier extension, which identifies the CA's public key, the key used to sign the
certificate.
• Subject Key Identifier extension, which identifies the subject's public key, the key being certified.
NOTE
Not all applications support certificates with version 3 extensions. Applications that
do support these extensions may not be able to interpret some or all of these specific
extensions.
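
The structure and the critical-flag rule described above, as an added example (not from the Red Hat manual or Certificate System code): a standard-library DER reader that decodes one Extension and decides whether an application that understands only the two listed extensions may accept it. The function names, the placeholder OID 1.2.3.4 and the sample bytes are constructed for illustration.

```python
KNOWN = {"2.5.29.35", "2.5.29.14"}  # authority / subject key identifier OIDs understood here

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):                      # base-128 content octets -> dotted form
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:               # high bit clear: last octet of this arc
            arcs, value = arcs + [value], 0
    first = min(arcs[0] // 40, 2)          # first sub-identifier packs two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_extension(der):
    """Return (extnID, critical, extnValue) from one Extension SEQUENCE."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x06 or not oid:
        raise ValueError("extnID must be an OBJECT IDENTIFIER")
    tag, value, pos = read_tlv(body, pos)
    critical = tag == 0x01 and value != b"\x00"   # absent BOOLEAN means DEFAULT FALSE
    if tag == 0x01:                        # optional critical flag was present
        tag, value, pos = read_tlv(body, pos)
    if tag != 0x04 or pos != len(body):
        raise ValueError("extnValue must be the final OCTET STRING")
    return decode_oid(oid), critical, value

def acceptable(der, known=KNOWN):
    """Reject only when the extension is critical and its OID is not understood."""
    oid, critical, _ = parse_extension(der)
    return oid in known or not critical

SKI = bytes.fromhex("300d0603551d0e0406040401020304")        # constructed, non-critical
UNKNOWN_CRITICAL = bytes.fromhex("300c06032a03040101ff04020500")  # constructed, OID 1.2.3.4
UNKNOWN_NONCRITICAL = bytes.fromhex("300906032a030404020500")     # same OID, flag absent
```

The extnValue returned for the subject key identifier sample is itself DER (an inner OCTET STRING), which is why the OID has to be recognized before the value can be interpreted.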
A.1.2. Sample Certificate Extensions
The following is an example of the section of a certificate containing X.509 v3 extensions. The
Certificate System can display certificates in readable pretty-print format, as shown here. As in this
example, certificate extensions appear in sequence and only one instance of a particular extension
may appear per certificate; for example, a certificate may contain only one subject key identifier
extension. Certificates that support these extensions have the version 0x2 (which corresponds to
version 3).
Data:
Version: v3
Serial Number: 0x1
