Netscape MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR Administrator's Manual page 758

Standard X.509 v3 Certificate Extensions

PKIX Part 1 defines one accessMethod (id-ad-caIssuers) to get a list of CAs that have issued certificates higher in the CA chain than the issuer of the certificate using the extension. The accessLocation field then typically contains a URL indicating the location and protocol (LDAP, HTTP, FTP) used to retrieve the list.

The Online Certificate Status Protocol (RFC 2560), available at http://www.ietf.org/rfc/rfc2560.txt, defines an accessMethod (id-ad-ocsp) for using OCSP to verify certificates. The accessLocation field then contains a URL indicating the location and protocol used to access an OCSP responder that can validate the certificate.

CMS Version Support
Supported since version 4.2. Refer to "AuthInfoAccessExt" on page 508.

authorityKeyIdentifier

OID
2.5.29.35

Criticality
This extension is always noncritical and is always evaluated.

Discussion
The Authority Key Identifier extension identifies the public key corresponding to the private key used to sign a certificate. This extension is useful when an issuer has multiple signing keys (for example, due to CA certificate renewal).

The extension consists of either or both of the following:
- an explicit key identifier (keyIdentifier field)
- an issuer (authorityCertIssuer field) and serial number (authorityCertSerialNumber field) identifying a certificate

If the keyIdentifier field exists, then it is used to select the certificate with a matching subjectKeyIdentifier extension. If the authorityCertIssuer and authorityCertSerialNumber fields are present, then they are used to identify the correct certificate by issuer and serialNumber.

If this extension is not present, then the issuer name alone is used to identify the issuer certificate.

PKIX Part 1 requires this extension for all certificates except self-signed root CA certificates. Where a key identifier has not been previously established, PKIX recommends that the authorityCertIssuer and authorityCertSerialNumber fields be specified. These fields permit construction of a complete certificate chain

Netscape Certificate Management System Administrator's Guide • June 2003
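The issuer selection that the authorityKeyIdentifier discussion describes, as an added example that is not taken from the Netscape manual or from CMS code. The Cert class, the issuer_candidates function and all sample names and values are hypothetical; authorityCertIssuer is modeled as a plain name string, and name chaining (issuer name equals the CA certificate's subject) is assumed to apply in every case.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Cert:
    """Simplified model holding only the fields the discussion names (not a DER parser)."""
    subject: str
    issuer: str
    serial_number: int
    subject_key_identifier: Optional[bytes] = None
    aki_key_identifier: Optional[bytes] = None   # AKI keyIdentifier
    aki_cert_issuer: Optional[str] = None        # AKI authorityCertIssuer (a name string here)
    aki_cert_serial: Optional[int] = None        # AKI authorityCertSerialNumber


def issuer_candidates(cert: Cert, pool: List[Cert]) -> List[Cert]:
    """Return the certificates in pool that could be cert's issuer certificate."""
    # Assumption: name chaining always applies, so the CA subject must equal cert.issuer.
    found = [c for c in pool if c.subject == cert.issuer]
    if cert.aki_key_identifier is not None:
        # keyIdentifier present: keep the certificate with a matching subjectKeyIdentifier.
        found = [c for c in found if c.subject_key_identifier == cert.aki_key_identifier]
    if cert.aki_cert_issuer is not None and cert.aki_cert_serial is not None:
        # Issuer/serial pair present: match the CA certificate's own issuer and serialNumber.
        found = [c for c in found
                 if (c.issuer, c.serial_number) == (cert.aki_cert_issuer, cert.aki_cert_serial)]
    # With no AKI at all, only the issuer name was used, so renewed CA certificates stay ambiguous.
    return found


# Constructed sample: one CA renewed with a new key, so two certificates share a subject.
OLD_CA = Cert("CN=Example CA", "CN=Example Root", 1, subject_key_identifier=b"\x01" * 20)
NEW_CA = Cert("CN=Example CA", "CN=Example Root", 2, subject_key_identifier=b"\x02" * 20)
POOL = [OLD_CA, NEW_CA]

LEAF_WITH_KID = Cert("CN=www.example.test", "CN=Example CA", 100,
                     aki_key_identifier=b"\x02" * 20)
LEAF_WITH_PAIR = Cert("CN=mail.example.test", "CN=Example CA", 101,
                      aki_cert_issuer="CN=Example Root", aki_cert_serial=1)
LEAF_WITHOUT_AKI = Cert("CN=old.example.test", "CN=Example CA", 102)

if __name__ == "__main__":
    for leaf in (LEAF_WITH_KID, LEAF_WITH_PAIR, LEAF_WITHOUT_AKI):
        serials = [c.serial_number for c in issuer_candidates(leaf, POOL)]
        print(leaf.subject, "-> issuer certificate serial(s):", serials)
```

The certificate without the extension matches both CA certificates, which is the ambiguity after CA certificate renewal that the extension removes.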
