Table of Contents
Advertisement
Microsoft allows users to control certificate properties that correspond to Extended
Key Usage specifications. For example, from the Internet Explorer 4.0 user
interface, the user may deselect a CA certificate in a list of CA certificates otherwise
trusted for a given usage. Note that the user may only restrict uses, and not add
uses that are not supported by the certificate itself. These user settings affect only
the interpretation of the certificate on the computer where they are set. They do not
affect the certificate itself.
A given certificate is valid only for the intersection of key usages of all the
certificates in the chain to its root (as determined by both the Extended Key Usage
extension for each certificate and the corresponding user settings). To be valid for a
particular usage, the end-entity certificate and all certificates in the chain must all
be valid for that usage.
issuerAltName
OID
2.5.29.18
Reference
http://www.ietf.org/rfc/rfc2459.txt
Criticality
PKIX Part 1 recommends that this extension be marked noncritical.
Discussion
The Issuer Alternative Name extension is used to associate Internet-style identities
with the certificate issuer. Names must use the forms defined for subjectAltName.
CMS Version Support
Refer to "IssuerAltNameExt Plug-in Module" on page 181.
•
CMS 4.1: Not supported
•
CMS 4.2: Supported
•
CMS 4.2-SP2: Supported
•
CMS 4.5: Supported
•
CMS 6.0: Supported
Netscape Recommendation
Netscape products do not examine this extension.
Standard X.509 v3 Certificate Extensions
4.2.1.8
Appendix C
Certificate and CRL Extensions
347
Advertisement
Table of Contents
