Table of Contents
Advertisement
CA to create and distribute a new certificate before expiration. The extensions can contain any
additional information. An application is only required to be able to evaluate an extension if it is
identified as critical. If an application does not recognize a critical extension, it must reject the
certificate. Some extensions are only useful for a specific application, such as signature or
encryption.
X.509v3 Certificate
Table 6-1
Field
Version
Serial Number
Signature
Issuer
Validity
Subjectr
Subject Public Key Info
Issuer Unique ID
Subject Unique ID
Extensions
YaST-Based PKI: YaST contains modules for the basic management of X.509 certificates. This
mainly involves the creation of CAs and their certificate. YaST provides tools for creating and
distributing CAs and certificates, but cannot currently offer the background infrastructure that allow
continuous update of certificates and CRLs. To set up a small PKI, you can use the available YaST
modules. However, you should use commercial products to set up an official or commercial PKI.
6.6.2 Creating a YaST-based CA
1 Start YaST and go to Security and Users > CA Management.
2 Click Create Root CA.
Content
The version of the certificate, for example, v3
Unique certificate ID (an integer)
The ID of the algorithm used to sign the certificate
Unique name (DN) of the issuing authority (CA)
Period of validity
Unique name (DN) of the owner
InfoPublic key of the owner and the ID of the
algorithm
Unique ID of the issuing CA (optional)
Unique ID of the owner (optional)
Optional additional information, such as KeyUsage
or BasicConstraints
Installing and Configuring iFolder Services
79
Advertisement
Table of Contents
