Netscape-Defined Certificate Extensions
Netscape has defined certain certificate extensions for use with Navigator and
Communicator. Some of the extensions that have been defined are now obsolete,
and others can be superseded by the extensions defined in the X.509 proposed
standard. All Netscape extensions should be tagged as noncritical, so that their
presence in a certificate does not make that certificate incompatible with other
clients.
The specifications for all Netscape-defined extensions are defined at
http://home.netscape.com/eng/security/comm4-cert-exts.html. For most
CMS deployments, only netscape-cert-type and netscape-comment need to be
supported to maintain compatibility with Navigator 3.x. Therefore, only these two
Netscape certificate extensions are described here.
netscape-cert-type
OID
2.16.840.1.113730.1
Discussion
The Netscape Certificate Type extension can be used to limit the purposes for
which a certificate can be used. It has been replaced by the X.509 v3 extensions
extKeyUsage and basicConstraints, but must still be supported in deployments
that include Navigator 3.x clients.
If the extension exists in a certificate, it limits the certificate to the uses specified in
it. If the extension is not present, the certificate can be used for all applications
except object signing.
The value is a bit-string, where the individual bit positions, when set, certify the
certificate for particular uses as follows:
• bit 0: SSL Client certificate
• bit 1: SSL Server certificate
• bit 2: S/MIME certificate
• bit 3: Object-signing certificate
• bit 4: Reserved for future use
• bit 5: SSL CA certificate
• bit 6: S/MIME CA certificate
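The bit numbering above follows ASN.1, where bit 0 is the most significant bit of the first content byte, which is easy to get backwards when checking a certificate by hand. The following added example (not part of the original manual) decodes the DER BIT STRING carried inside the extension and applies the absent-extension rule; the function names and sample bytes are constructed for illustration, and treating "all applications" as every named use in the list is an assumption.

```python
from typing import List, Optional, Set

# Named uses from the list above; bit 4 (reserved) is deliberately left out.
USES = {
    0: "SSL Client certificate",
    1: "SSL Server certificate",
    2: "S/MIME certificate",
    3: "Object-signing certificate",
    5: "SSL CA certificate",
    6: "S/MIME CA certificate",
}
OBJECT_SIGNING_BIT = 3


def decode_cert_type(der: bytes) -> Set[int]:
    """Return the set bit positions of a short-form DER BIT STRING (tag 0x03)."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, payload = der[2], der[3:]
    if unused > 7 or (unused and not payload):
        raise ValueError("bad unused-bits count")
    if payload and payload[-1] & ((1 << unused) - 1):
        raise ValueError("unused trailing bits must be zero in DER")
    bits = set()
    for i, byte in enumerate(payload):
        for j in range(8):
            # ASN.1 counts from the most significant bit: bit 0 is mask 0x80.
            if byte & (0x80 >> j):
                bits.add(i * 8 + j)
    return bits


def permitted_uses(der: Optional[bytes]) -> List[str]:
    """Uses certified by the extension; None means the extension is absent."""
    if der is None:
        # Absent extension: every use except object signing.
        return [n for b, n in USES.items() if b != OBJECT_SIGNING_BIT]
    return [USES[b] for b in sorted(decode_cert_type(der)) if b in USES]


if __name__ == "__main__":
    # Constructed samples: bit 1 only (0x40), and bits 5 and 6 (0x06).
    for sample in (bytes.fromhex("03020640"), bytes.fromhex("03020106"), None):
        print(sample.hex() if sample else "absent", "->", permitted_uses(sample))
```

The input is the inner BIT STRING, that is, the contents of the extension's OCTET STRING wrapper, not the whole extension.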
Appendix C, Certificate and CRL Extensions