Netscape MANAGEMENT SYSTEM 6.0 - CUSTOMIZATION Manual page 109

Parameters Accepted by the Bulk Enrollment Interface (Continued)
Table 6-5
Parameter
ssl_ca
ssl_client
ssl_server
Key Usage
crl_sign
data_encipherment
decipher_only
digital_signature
encipher_only
key_agreement
key_certsign
Format and Description
true | false
Sets the SSL certificate issuer bit (bit 5).
true | false
Sets the SSL client authentication certificate bit (bit 0).
true | false
Sets the SSL server authentication certificate bit (bit 1).
Parameters for setting bits in the keyUsage certificate extension. A true value
sets the bit to 1; false sets the bit to 0.
true | false
Sets the keyUsage extension bit (6) indicating that the key may be used to sign
Certificate Revocation Lists (CRLs).
true | false
Sets the keyUsage extension bit (3) indicating that the key may be used to
encipher application data (as opposed to key material).
true | false
Sets the keyUsage extension bit (8) indicating that the key may only be used to
decipher data and keys. If this is true, keyAgreement should also be true.
true | false
Sets the keyUsage extension bit (0) indicating that the key may be used to sign
any data. This should be true for SSL client certificates, S/MIME signing
certificates, and object signing certificates.
true | false
Sets the keyUsage extension bit (7) indicating that the key may only be used to
encipher data and keys. If this is true, keyAgreement should also be true.
true | false
Sets the keyUsage extension bit (4) indicating that the key may be used to
encipher and decipher keys during key agreement.
true | false
Sets the keyUsage extension bit (5) indicating that the key may be used to sign
other certificates. All CA signing certificates should set this to true.
Bulk Enrollment Interface
Chapter 6 Agent Interface Reference 109