Netscape-Defined Certificate Extensions Reference - Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual

Appendix B. Defaults, Constraints, and Extensions for Certificates and CRLs
OID
2.5.29.21
Parameters
Parameter
enable
critical
Table B.40. CRLReason Configuration Parameters
B.4.3. Netscape-Defined Certificate Extensions Reference
Netscape defined certain certificate extensions for its products. Some of the extensions are now
obsolete, and others have been superseded by the extensions defined in the X.509 proposed
standard. All Netscape extensions should be tagged as noncritical, so that their presence in a
certificate does not make that certificate incompatible with other clients.
B.4.3.1. netscape-cert-type
The Netscape Certificate Type extension can be used to limit the purposes for which a certificate
can be used. It has been replaced by the X.509 v3 extensions
Section B.3.3, "basicConstraints".
If the extension exists in a certificate, it limits the certificate to the uses specified in it. If the extension
is not present, the certificate can be used for all applications, except for object signing.
The value is a bit-string, where the individual bit positions, when set, certify the certificate for particular
uses as follows:
• bit 0: SSL Client certificate
• bit 1: SSL Server certificate
• bit 2: S/MIME certificate
• bit 5: SSL CA certificate
• bit 6: S/MIME CA certificate
OID
2.16.840.1.113730.1
B.4.3.2. netscape-comment
The value of this extension is an IA5String. It is a comment that can be displayed to the user when the
certificate is viewed.
480
Description
Sets whether the extension rule is enabled or
disabled. By default, this is enabled.
Marks the extension as critical or noncritical. By
default, this is noncritical.
Section B.3.6, "extKeyUsage"
and