Table of Contents
Advertisement
Managing the Certificate Database
Also note that certificate extensions are required if you are setting up a hierarchy of
certificate authorities (CAs). Subordinate CAs must have certificates that include
the extension identifying them as either a subordinate SSL CA (which allows them
to issue certificates for SSL) or a subordinate email CA (which allows them to issue
certificates for secure email). If you disable certificate extensions, you will not be
able to set up CA hierarchies. For more information on CA hierarchies, see
"Certificate Hierarchies" in Appendix D of Managing Servers with Netscape Console.
You can set the following extensions:
•
Basic constraints—select this option if you want to set any of the basic
constraints extension bits in the certificate you are requesting. When you select
the option, the associated fields are enabled. You should select the ones you
want to set.
•
Netscape certificate type—select this option if you want to set any of the
Netscape Certificate Type extension bits in the certificate you are requesting.
When you select the option, the associated fields are enabled. You should select
the ones you want to set.
•
Authority key identifier—select this option if you want to set the authority key
identifier extension in the certificate you are requesting.
•
Subject key identifier—select this option if you want to set the subject key
identifier extension in the certificate you are requesting.
•
Key usage—select this option if you want to set the key usage extension in the
certificate you are requesting. If you choose this option, the digital signature
(bit 0), non repudiation (bit 1), key Certificate Sign (bit 5), and CRL sign (bit 6)
bits are set by default. The extension is marked critical as recommended by the
PKIX standard and RFC 2459 (see
for a description of the Key Usage extension).
•
Extension in MIME 64 DER encoding—select this option if you want to specify
any custom extension. When you select the option, the associated text field is
enabled. You should paste your extension (in MIME 64 DER encoded format)
into the text field.
302
Netscape Certificate Management System Administrator's Guide • June 2003
http://www.ietf.org/rfc/rfc2459.txt
Advertisement
Table of Contents
Related Manuals for Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR
Related Products for Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - CUSTOMIZATION GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - PLUG-IN