Extension-Specific Policy Module Reference
Table 11-28 KeyUsageExt Configuration Parameters (Continued)
Parameter
keyCertsign
cRLSign
encipherOnly
538
Netscape Certificate Management System Administrator's Guide • June 2003
Description
Specifies whether to set the keyCertSign bit (or bit 5) of the key usage extension
in certificates specified by the predicate parameter.
Permissible values: true, false, or HTTP_INPUT.
• Select true if you want the server to set the bit (default).
• Select false if you don't want the server to set the bit.
• Select HTTP_INPUT if you want the server to check the certificate request for
the HTTP input variable corresponding to the keyCertsign bit and set the bit
accordingly. If the variable is set to true, the server sets the bit. If the variable
doesn't exist or if it is set to false (or any other value), the server doesn't set
the bit.
Specifies whether to set the cRLSign bit (or bit 6) of the key usage extension in
certificates specified by the predicate parameter.
Permissible values: true, false, or HTTP_INPUT.
• Select true if you want the server to set the bit (default).
• Select false if you don't want the server to set the bit.
• Select HTTP_INPUT if you want the server to check the certificate request for
the HTTP input variable corresponding to the CRLsign bit and set the bit
accordingly. If the variable is set to true, the server sets the bit. If the variable
doesn't exist or if it is set to false (or any other value), the server doesn't set
the bit.
Specifies whether to set the encipherOnly bit (or bit 7) of the key usage extension
in certificates specified by the predicate parameter.
Permissible values: true, false, or HTTP_INPUT.
• Select true if you want the server to set the bit (default).
• Select false if you don't want the server to set the bit.
• Select HTTP_INPUT if you want the server to check the certificate request for
the HTTP input variable corresponding to the encipherOnly bit and set the
bit accordingly. If the variable is set to true, the server sets the bit. If the
variable doesn't exist or if it is set to false (or any other value), the server
doesn't set the bit.