You can define the following constraints with this default:
•
Netscape Certificate Type Extension Constraint, see "Netscape Certificate Type
Extension Constraint," on page 477.
•
Extension Constraint, see "Extension Constraint," on page 475.
•
No Constraints, see "No Constraint," on page 477.
Table 10-10 Netscape Certificate Type Extension Default Configuration Parameters
Parameter
critical
SSLClient
SSLServer
CertEmail
CertObjectSigning
CertSSLCA
CertEmailCA
CertObjectSigningCA
Description
Select true to mark this extension critical; select false to
mark the extension noncritical.
Specifies that the certificate can be used by clients for
authentication during SSL connections. Select true to
include this capability; select false to not include this
capability.
Specifies that the certificate can be used by servers for
authentication during SSL connections. Select true to
include this capability; select false to not include this
capability.
Specifies that the certificate can be used to send secure
email messages. Select true to include this capability; select
false to not include this capability.
Specifies that the certificate can be used for signing objects
such as Java applets and plug-ins. Select true to include
this capability; select false to not include this capability.
Specifies that the certificate can be used by a CA to issue
certificates for SSL connections. Select true to include this
capability; select false to not include this capability.
Specifies that the certificate can be used by a CA to issue
certificates for secure email. Select true to include this
capability; select false to not include this capability.
Specifies that the certificate can be used by a CA to issue
certificates for object signing. Select true to include this
capability; select false to not include this capability.
Defaults Reference
Chapter 10
Certificate Profiles
463