Table of Contents
Advertisement
GenericASN1Ext
The
GenericASN1Ext
certificates. Using this policy, you can add as many ASN.1 type based-extensions
as required without having to write any code. Further, it eliminates the
dependency on the command-line tools for generating base-64 encoded standard
extensions from the x.509 extension classes.
The generic extension policy in CMS accepts custom extensions in the form of
object identifiers (OIDs) and values as DER-encoded extension values. That is, for
the server to add a custom extension to certificates it issues, you need to first define
the extension and then configure the server with extension details.
Similar to a standard extension, you define a custom extension by defining an OID
and a ASN.1 structure.
•
The OID must be specified in the dot-separated numeric component notation
(for example, 2.5.29.35). Although you can invent your own OIDs for the
purposes of evaluating and testing the server, in a production environment,
you should comply with the ISO rules for defining OIDs and for registering
subtrees of IDs. See Appendix H, "Object Identifiers" for information on
allocating private OIDs.
•
The ASN.1 structure must be constructed from a sequence of DER-encoded
extension values.
The resulting extension would look similar to the way a standard extension
appears in certificates (as defined in RFC 2459):
Extension
::=
SEQUENCE
extnID
OBJECT IDENTIFIER,
critical
BOOLEAN DEFAULT FALSE,
extnValue
OCTET STRING
In the policy configuration, the
field is defined by the
critical
defined by evaluating the expression in the
defined by the
attribute
individual parameters.
Typically, the application receiving the certificate checks the extension ID to
determine if it can recognize the ID. If it can, it uses the extension ID to determine
the type of value used. When adding your custom extension to certificates, keep in
mind that if the extension exists in a certificate and if it is marked critical, the
plug-in module enables you to add custom extensions to
{
}
field is defined by the
extnID
critical
parameters. See Table 11-24 on page 527 for details on
Extension-Specific Policy Module Reference
oid
parameter, and the
extnValue
parameter, which in turn is
pattern
Chapter 11
parameter, the
field is
Policies
525
Advertisement
Table of Contents
