Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 536

Extension-Specific Policy Module Reference
• On the client side, bits set in the key usage extension are formed from
pre-defined HTTP input variables that can be embedded as hidden values in
the enrollment forms. You specify which bits are to be set by adding the
appropriate HTTP variables to the enrollment forms. Table 11-27 lists the
HTTP input variables that correspond to key usage extension bits.
The default enrollment forms provided for requesting various types of
certificates include the appropriate HTTP input variables that correspond to
the key-usage bits. By default only variables that correspond to key-usage bits
that need to be set are included in the form.
Typically, you won't have to change the key-usage bit setting by editing the
enrollment forms as you can do this easily by making the appropriate changes
to the policy instance (bits set on the server side override the ones set on the
client side). However, if you want to add new variables on the client side, you
can do that too. Be sure to add the new variable in the following format:
<input type="HIDDEN" name="variable_name" value=true>
where,
11-27.
NOTE
Table 11-27 HTTP input variables for key usage extension bits
HTTP input variable
digital_signature
non_repudiation
key_encipherment
data_encipherment
key_agreement
key_certsign
crl_sign
encipher_only
decipher_only
536 Netscape Certificate Management System Administrator's Guide • February 2003
can be any of the HTTP input variables listed in Table
variable_name
For all certificates, the key-usage-bits set on the server side (which
is governed by the policy) override the ones set on the client side.
Key usage extension bit
digitalSignature (bit 0)
nonRepudiation (bit 1)
keyEncipherment (bit 2)
dataEncipherment (bit3)
keyAgreement (bit4)
keyCertsign (bit5)
cRLSign (bit6)
encipherOnly (bit7)
decipherOnly (bit8)