Table of Contents
Advertisement
CA Certificates and Extension Interactions
If the extension exists in a certificate, it limits the certificate to the uses specified in
it. If the extension is not present, the certificate can be used for all applications
except object signing.
The value is a bit-string, where the individual bit positions, when set, certify the
certificate for particular uses as follows:
•
bit 0: SSL Client certificate
•
bit 1: SSL Server certificate
•
bit 2: S/MIME certificate
•
bit 3: Object-signing certificate
•
bit 4: Reserved for future use
•
bit 5: SSL CA certificate
•
bit 6: S/MIME CA certificate
•
bit 7: Object-signing CA certificate
CMS Version Support
Supported since CMS 4.1. Refer to "NSCertTypeExt" on page 549.
netscape-comment
OID
2.16.840.1.113730.13
Discussion
The value of this extension is an IA5String. It is a comment that can be displayed to
the user when the certificate is viewed.
CMS Version Support
Supported since CMS 4.2. Refer to "NSCCommentExt" on page 548.
CA Certificates and Extension Interactions
Netscape recommends that all CA certificates contain the
extension, as this is the standard way to identify a CA certificate. In addition, to
ensure support for Navigator 3.x, CAs should also use
These two extensions can interact with each other. The following table describes
what different combinations of the two extensions mean.
742
Netscape Certificate Management System Administrator's Guide • February 2003
basicConstraints
netscape-cert-type
.
Advertisement
Table of Contents
