Netscape MANAGEMENT SYSTEM 6.0 - CUSTOMIZATION Manual page 52

Enrollment Interface
Parameters Accepted by the Enrollment Interface (Continued)
Table 3-7
Parameter
object_signing
object_signing_ca
ssl_ca
ssl_client
ssl_server
Key Usage
crl_sign
data_encipherment
decipher_only
digital_signature
encipher_only
52 Netscape Certificate Management System Customization Guide • March 2002
Format and Description
true | false
Sets the object signing certificate bit (bit 3).
true | false
Sets the object signing certificate issuer bit (bit 7).
true | false
Sets the SSL certificate issuer bit (bit 5).
true | false
Sets the SSL client authentication certificate bit (bit 0).
true | false
Sets the SSL server authentication certificate bit (bit 1).
Parameters for setting bits in the keyUsage certificate extension. A true value
sets the bit to 1; false sets the bit to 0.
true | false
Sets the keyUsage extension bit (6) indicating that the key may be used to sign
Certificate Revocation Lists (CRLs).
true | false
Sets the keyUsage extension bit (3) indicating that the key may be used to
encipher application data (as opposed to key material).
true | false
Sets the keyUsage extension bit (8) indicating that the key may only be used to
decipher data and keys. If this parameter is true, keyAgreement should also
be true.
true | false
Sets the keyUsage extension bit (0) indicating that the key may be used to sign
any data. This parameter should be true for SSL client certificates, S/MIME
signing certificates, and object signing certificates.
true | false
Sets the keyUsage extension bit (7) indicating that the key may only be used to
encipher data and keys. If this parameter is true, keyAgreement should also
be true.