Issueraltname Extension; Keyusage - Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual

Use
Microsoft Encrypted File System
Netscape SGC
Table B.30. Private Extended Key Usage Extension Uses
B.3.7. issuerAltName Extension
The Issuer Alternative Name extension is used to associate Internet-style identities with the certificate
issuer. Names must use the forms defined for the Subject Alternative Name extension.
OID
2.5.29.18
Criticality
PKIX Part 1 recommends that this extension be marked noncritical.
B.3.8. keyUsage
The Key Usage extension defines the purpose of the key contained in the certificate. The Key Usage,
Extended Key Usage, and Basic Constraints extensions act together to specify the purposes for which
a certificate can be used.
If this extension is included at all, set the bits as follows:
• digitalSignature (0) for SSL client certificates, S/MIME signing certificates, and object-signing
certificates.
• nonRepudiation (1) for some S/MIME signing certificates and object-signing certificates.
WARNING
Use of this bit is controversial. Carefully consider the legal consequences of its use
before setting it for any certificate.
• keyEncipherment (2) for SSL server certificates and S/MIME encryption certificates.
• dataEncipherment (3) when the subject's public key is used to encrypt user data instead of key
material.
• keyAgreement (4) when the subject's public key is used for key agreement.
• keyCertSign (5) for all CA signing certificates.
• cRLSign (6) for CA signing certificates that are used to sign CRLs.
• encipherOnly (7) if the public key is used only for enciphering data. If this bit is set,
keyAgreement should also be set.
• decipherOnly (8) if the public key is used only for deciphering data. If this bit is set,
keyAgreement should also be set.
OID
1.3.6.1.4.1.311.10.3.4
2.16.840.1.113730.4.1

issuerAltName Extension

463