D
Extensions
OracleAS Certificate Authority is compliant with the X.509 V3 and IETF's PKIX standards, and supports the following extensions:
- OCA's CA certificates contain the following extensions
- Basic Constraints Extension: Critical
- CA flag set to true
- PathLength for root (self-sign) certificate is hardcoded to 3.
- PathLength for sub CA is between 0 and 2, depending on the pathlength of issuer's (upper CA) certificate.
- KeyUsage Extension: Critical
The following bits are set on:
- Digital Signature
- Key Cert Sign
- CRL Sign
- Non-Repudiation
- OCA's End-Entity SSL/Encryption Certificates
- Key Usage Extension: Non-Critical
The following bits set on:
- Digital Signature
- Key Encipherment
- Key Agreement
- Non-Repudiation
- Code signing certificates
- Key Usage Extension: Non-Critical
The following bits set on:
- SMIME-Signing Certificates
- Key Usage Extension: Non-Critical
The following bits set on:
- Digital Signature
- Data Encipherment
- Non-Repudiation