Table of Contents
Advertisement
PKIX Part 1 requires this extension for all certificates except self-signed root CA
certificates. Where a key identifier has not been previously established, PKIX
recommends that the
fields be specified. These fields permit construction of a complete certificate chain
by matching the
SubjectName
issuer's certificate against the
authorityCertSerialNumber
subject certificate.
CMS Version Support
Refer to "AuthorityKeyIdentifierExt Plug-in Module" on page 142.
•
CMS 4.1: Supported
•
CMS 4.2: Supported
•
CMS 4.2-SP2: Supported
Note that Certificate Management System does not use or support the
authorityCertSerialNumber
Netscape Recommendation
Netscape recommends that this extension be present in all certificates and that the
authorityCertIssuer
extension is not supported by Navigator 3.x, but its presence in a certificate won't
interfere with Navigator 3.x.
Microsoft Recommendation
Microsoft recommends that this extension be present in all certificates and that the
authorityCertIssuer
basicConstraints
OID
2.5.29.19
Reference
http://www.ietf.org/rfc/rfc2459.txt
Criticality
PKIX Part 1 requires that this extension be marked critical. This extension is
evaluated regardless of its criticality.
authorityCertIssuer
and
CertificateSerialNumber
authortiyCertIssuer
in the
AuthorityKeyIdentifier
field in the Authority Key Identifier extension.
and
authorityCertSerialNumber
and
authorityCertSerialNumber
Standard X.509 v3 Certificate Extensions
and
authorityCertSerialNumber
fields in the
and
fields be specified. This
fields be specified.
4.2.1.10
Appendix C
Certificate and CRL Extensions
extension of the
343
Advertisement
Table of Contents
