Skip Headers

Oracle® Application Server Certificate Authority Administrator's Guide
10g (9.0.4)
Part Number B10663-01
Go To Documentation Library
Home		 Go To Product List
Solution Area		 Go To Table Of Contents
Contents		 Go To Index
Index

Go to previous page Go to next page

D
Extensions

OracleAS Certificate Authority is compliant with the X.509 V3 and IETF's PKIX standards, and supports the following extensions:

  1. OCA's CA certificates contain the following extensions

    1. Basic Constraints Extension: Critical

      • CA flag set to true

      • PathLength for root (self-sign) certificate is hardcoded to 3.

      • PathLength for sub CA is between 0 and 2, depending on the pathlength of issuer's (upper CA) certificate.

    2. KeyUsage Extension: Critical

    The following bits are set on:

    • Digital Signature

    • Key Cert Sign

    • CRL Sign

    • Non-Repudiation

  2. OCA's End-Entity SSL/Encryption Certificates

    1. Key Usage Extension: Non-Critical

    The following bits set on:

    • Digital Signature

    • Key Encipherment

    • Key Agreement

    • Non-Repudiation

  3. Code signing certificates

    1. Key Usage Extension: Non-Critical

    The following bits set on:

    • + Digital Signature

  4. SMIME-Signing Certificates

    1. Key Usage Extension: Non-Critical

    The following bits set on:

    • Digital Signature

    • Data Encipherment

    • Non-Repudiation

Go to previous page Go to next page
Oracle
Copyright © 2002, 2003 Oracle Corporation.
All Rights Reserved.
Go To Documentation Library
Home		 Go To Product List
Solution Area		 Go To Table Of Contents
Contents		 Go To Index
Index