Key Usage Extension Default - Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual

Defaults Reference
Table 10-6 Freshest CRL Extension Default Configuration Parameters
Parameter
Critical
PointEnable_<n>
PointType_<n>
PointName_<n>
PointIssuer
Name_<n>
PointType_<n>

Key Usage Extension Default

This default populates the Key Usage extension in the certificate request. The
extension specifies the purposes for which the key contained in a certificate should
be used—for example, it specifies whether the key should be used for data signing,
key encipherment, or data encipherment—and thus enables you to restrict the
usage of a key pair to predetermined purposes.
456 Netscape Certificate Management System Administrator's Guide • February 2003
Description
Select true to mark this extension critical; select false to mark the
extension noncritical.
Select true to enable this point; select false to disable this point.
Specifies the type of issuing point. Select from DirectoryName
and URIName.
• If pointType is set to directoryName, the value must be a
string form of X.500 name, similar to the subject name in a
certificate. For example, CN=CACentral,OU=Research
Dept,O=Example Corporation,C=US.
• If pointType is set to URI, the name must be a URIName;
the URIName must be an absolute pathname and must
specify the host. For example:
http://testCA.example.com/get/your/crls/here/
Specifies the name of the issuer that has signed the CRL
maintained at this distribution point, the name can be in any of
the following formats:
• An X.500 directory name in the RFC 2253 syntax. For
example:
CN=CA Central, OU=Research Dept, O=Example
Corporation, C=US
• A URIName; for example:
http://testCA.example.com:80
Specifies the general-name type of the CRL issuer that signed the
CRL maintained at distribution point.
Permissible values: DirectoryName or URIName. The value you
specify for this parameter must correspond to the value in the
issuerName field.