Table of Contents
Advertisement
Standard X.509 v3 Certificate Extensions
Discussion
This extension is used during the certificate chain verification process to identify
CA certificates and to apply certificate chain path length constraints. The
component should be set to true for all CA certificates. PKIX recommends that this
extension should not appear in end-entity certificates.
If the
number of CA certificates that have been processed so far (starting with the
end-entity certificate and moving up the chain). If
then all of the higher level CA certificates in the chain must not include this
component when the extension is present.
See "CA Certificates and Extension Interactions" on page 368 regarding the
interaction of
CMS Version Support
Refer to "BasicConstraintsExt Plug-in Module" on page 145.
•
CMS 4.1: Supported
•
CMS 4.2: Supported
•
CMS 4.2-SP2: Supported
Netscape Recommendation
Netscape requires this extension for all CA certificates.
Microsoft Recommendation
Microsoft recommends this extension for all certificates.
certificatePolicies
OID
2.5.29.32
References
http://www.ietf.org/rfc/rfc2459.txt
Criticality
This extension may be critical or noncritical.
344
Netscape Certificate Management System Plug-ins Guide • October 2001
pathLenConstraint
this extension with the Netscape Certificate Type extension.
the
component is present, its value must be greater than the
4.2.1.5
pathLenConstraint
cA
is omitted,
Advertisement
Table of Contents
