Netscape MANAGEMENT SYSTEM 4.5 - PLUG-IN Manual page 336

Recommendations for Certificate Extension Use
Recommendations for Use of Certificate Extensions with CMS (Continued)
Table C-1
Certificate type CA root
authorityKeyIdentifier
S/MIME client
certificate
(single key
pair)
extKeyUsage:
keyUsage:
keyCertSign, cRLSign
netscape-cert-type:
S/MIME CA (if extension
exists, bit must be set)
subjectKeyIdentifier
336 Netscape Certificate Management System Plug-ins Guide • October 2001
Intermediate CA
authorityKeyIdentifier
cRLDistributionPoints
extKeyUsage:
Email
keyUsage:
keyCertSign, cRLSign
netscape-cert-type:
S/MIME CA (if extension
exists, bit must be set)
subjectKeyIdentifier
Issued certificate
authorityKeyIdentifier
cRLDistributionPoints
extKeyUsage:
Email
keyUsage:
digitalSignature
netscape-cert-type:
S/MIME (if extension exists,
bit must be set)
subjectAltName
subjectKeyIdentifier
Email