Netscape MANAGEMENT SYSTEM 6.01 - PLUG-IN Manual page 175


The generic extension policy in Certificate Management System accepts custom
extensions in the form of object identifiers (OIDs) and values as DER-encoded
extension values. That is, for the server to add a custom extension to certificates it
issues, you need to first define the extension and then configure the server with
extension details.
Similar to a standard extension, you define a custom extension by defining an OID
and an ASN.1 structure:
• The OID must be specified in the dot-separated numeric component notation
  (for example, 2.5.29.35). Although you can invent your own OIDs for the
  purposes of evaluating and testing the server, in a production environment,
  you should comply with the ISO rules for defining OIDs and for registering
  subtrees of IDs. See Appendix B, "Object Identifiers" for information on
  allocating private OIDs.
• The ASN.1 structure must be constructed from a sequence of DER-encoded
  extension values.
The resulting extension would look similar to the way a standard extension
appears in certificates (as defined in RFC 2459):
    Extension ::= SEQUENCE {
        extnID      OBJECT IDENTIFIER,
        critical    BOOLEAN DEFAULT FALSE,
        extnValue   OCTET STRING }

In the policy configuration, the extnID field is defined by the oid parameter,
the critical field is defined by the critical parameter, and the extnValue
field is defined by evaluating the expression in the pattern parameter, which
in turn is defined by the attribute parameters. See Table 4-11 on page 177 for
details on individual parameters.
Typically, the application receiving the certificate checks the extension ID to
determine if it can recognize the ID. If it can, it uses the extension ID to determine
the type of value used. When adding your custom extension to certificates, keep in
mind that if the extension exists in a certificate and if it is marked critical, the
application validating the certificate must be able to interpret the extension, or else
it must reject the certificate. Since it's unlikely that all applications will be able to
interpret your custom extensions, you should consider marking these extensions
noncritical.

Chapter 4, Certificate Extension Plug-in Modules: GenericASN1Ext Plug-in Module
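
The Extension encoding and the criticality rule described above, as an added
example in Python that is not part of the Netscape manual or of CMS itself. The
OID 1.3.6.1.4.1.99999.1, the sample value and all function names are
constructed for illustration.

```python
# Added example, not from the CMS manual. OID and value below are constructed.
CUSTOM_OID = "1.3.6.1.4.1.99999.1"   # hypothetical private test OID

def tlv(tag, content):
    """DER tag-length-value; long-form length for content of 128+ bytes."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

CUSTOM_VALUE = tlv(0x30, tlv(0x0C, b"demo"))  # SEQUENCE { UTF8String "demo" }

def encode_oid(dotted):
    """Encode dot-separated numeric notation (e.g. 2.5.29.35) as a DER OID."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:   # first two arcs share a byte
        chunk = [arc & 0x7F]
        while arc > 0x7F:                             # base-128, high bit = "more"
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def encode_extension(oid, critical, value_der):
    """Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue }."""
    body = encode_oid(oid)
    if critical:                       # DER omits a field equal to its DEFAULT
        body += tlv(0x01, b"\xff")
    return tlv(0x30, body + tlv(0x04, value_der))  # OCTET STRING wraps the value

def decode_extension(der):
    """Parse an Extension as built above (short-form lengths only)."""
    if der[0] != 0x30 or der[1] >= 0x80:
        raise ValueError("expected a short-form SEQUENCE")
    pos, fields = 2, []
    while pos < 2 + der[1]:
        tag, ln = der[pos], der[pos + 1]
        fields.append((tag, der[pos + 2:pos + 2 + ln]))
        pos += 2 + ln
    critical = any(t == 0x01 and v != b"\x00" for t, v in fields)
    return tlv(0x06, fields[0][1]), critical, fields[-1][1]

def relying_party_accepts(der, known_oids):
    """Reject only when the extension is critical and its OID is not understood."""
    oid_tlv, critical, _ = decode_extension(der)
    return (not critical) or oid_tlv in known_oids
```

An application that does not recognize the OID still accepts the noncritical
form and rejects the same extension once it is marked critical.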
