CA Certificates and Extension Interactions
•
If CAs ever intend to generate new keys for their CA, they must add the
authorityKeyIdentifier
anything other than the SHA-1 hash of the CA certificates
subjectPublicKeyInfo
subjectKeyIdentifier
when the new issuing certificate becomes active.
744
Netscape Certificate Management System Administrator's Guide • February 2003
extension to all subject certificates. If the
field, then the CA certificate should contain the
extension. This will allow for a smooth transition
is
key ID