Table 10-19 Extended Key Usage Extension Constraint Configuration Parameters
Parameter
Critical
exKeyUsageOIDs
Extension Constraint
This constraint implements the general extension constraint. It checks if the
extension is present or not.
Key Constraint
This constraint checks the key type and key length.
Table 10-20 Key Constraint Configuration Parameters
Parameter
Type
MinLength
MaxLength
Key Usage Extension Constraint
The key usage extension constraint checks if the key usage constraint in the
certificate request satisfies the criteria set in this constraint.
Description
Specifies whether the extension can be marked critical or
noncritical. Select true to allow the extension to be marked critical,
select false to disallow the extension from being marked critical;
select "-" to indicate no constraints are placed for this parameter.
Specifies the allowable OIDs that identifies a key-usage purpose.
You can specify more than one separating each with a comma.
Description
Select which key type is allowed from DSA and RSA.
Specifies the minimum allowable key length.
Specifies the maximum allowable key length.
Constraints Reference
Chapter 10
Certificate Profiles
473