Oracle® Application Server Certificate Authority Administrator's Guide
10g Release 2 (10.1.2)
Part No. B14080-01

D Extensions

Oracle Application Server Certificate Authority is compliant with the X.509 V3 and IETF's PKIX standards, and supports standard extensions as described in this Appendix.

Certificate Usage

OracleAS Certificate Authority enables users to select the function of a requested certificate to fit their intended applications and their enterprise policies. The default as shipped is "Authentication, Encryption, and Signing," but the administrator can configure a different choice, which then becomes the preselected default for that site. Table D-1 shows the possible choices:

Table D-1 Types of Certificate Usage

| Function | Description |
|---|---|
| Authentication | Enables secure identification when requesting or providing access or services, such as when logging into an enterprise portal. (Typically, SSL protocol is used.) |
| Encryption | Enables encrypting and decrypting electronic documents |
| Signing | Enables verifiable signature for (and assures non-tampering of) electronic documents, including email (using S/MIME, the Secure Multipurpose Internet Mail Extension) |
| Authentication, Encryption | Certificate can be used for both purposes. |
| Authentication, Signing | Certificate can be used for both purposes. |
| Authentication, Encryption, and Signing | Certificate can be used for all three purposes. |
| Encryption, Signing | Certificate can be used for both purposes. |
| CA Signing | Used to sign users' certificates or Certificate Revocation List (CRL). |
| Code Signing | Provides verifiable signature for the provider of (and assures non-tampering of) Java code, JavaScript, and other signed files. |

Policy Application to Certificates

Certain policies apply to certificates intended for particular uses, as described in Table D-2.

Table D-2 Policies Applied for Particular Certificate Usages

| Certificate Usage | Basic Constraints (Critical) | Key Usage (Non Critical) | Extended Key Usage (Non Critical) | Subject Alternate Name (Non Critical) |
|---|---|---|---|---|
| CA certificate | CA flag set to true. PathLength: root CA (generated during installation), value hardcoded to 3; root CA (generated using OCACTL), value can be chosen. | Signing Certificates (Keys), Signing CRLs | | |
| Client Authentication | | Digital Signature | clientAuth | rfc822Name=email AND/OR otherName=UID |
| Server Authentication | | Digital Signature, Key Encipherment | serverAuth | rfc822Name=email AND/OR otherName=UID |
| Signing | | Digital Signature, Non-Repudiation | emailProtection | rfc822Name=email AND/OR otherName=UID |
| Encryption | | Data Encipherment, Key Encipherment | emailProtection | |
| Code Signing | | Digital Signature | codeSigning | rfc822Name=email AND/OR otherName=UID |
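
The rows of Table D-2 expressed as a conformance check, as an added example that is not part of this guide and is not OracleAS Certificate Authority code: it uses the Python `cryptography` package to list where a certificate's Basic Constraints, Key Usage and Extended Key Usage differ from the row for its intended usage. The names `PROFILES`, `deviations` and `sample_cert` are hypothetical, the certificates are constructed test data, the Key Usage column is assumed to be the exact set of bits, and the Subject Alternate Name column is not checked.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtendedKeyUsageOID as EKU, NameOID

BITS = ("digital_signature", "content_commitment", "key_encipherment",
        "data_encipherment", "key_agreement", "key_cert_sign", "crl_sign")
# Table D-2 as data; content_commitment is the library's name for Non-Repudiation.
PROFILES = {
    "CA certificate": ({"key_cert_sign", "crl_sign"}, None),
    "Client Authentication": ({"digital_signature"}, EKU.CLIENT_AUTH),
    "Server Authentication": ({"digital_signature", "key_encipherment"}, EKU.SERVER_AUTH),
    "Signing": ({"digital_signature", "content_commitment"}, EKU.EMAIL_PROTECTION),
    "Encryption": ({"data_encipherment", "key_encipherment"}, EKU.EMAIL_PROTECTION),
    "Code Signing": ({"digital_signature"}, EKU.CODE_SIGNING),
}

def deviations(cert, usage):
    """List how cert departs from the Table D-2 row for usage (exact match assumed)."""
    want_ku, want_eku = PROFILES[usage]
    exts = {e.oid: e for e in cert.extensions}
    ku, eku, bc = (exts.get(c.oid) for c in (x509.KeyUsage, x509.ExtendedKeyUsage, x509.BasicConstraints))
    have = {b for b in BITS if ku and getattr(ku.value, b)}
    out = []
    if have != want_ku:
        out.append(f"keyUsage is {sorted(have)}, expected {sorted(want_ku)}")
    if want_eku and (eku is None or want_eku not in eku.value):
        out.append(f"extendedKeyUsage lacks {want_eku.dotted_string}")
    is_ca = bool(bc and bc.value.ca)
    if is_ca != (usage == "CA certificate") or (is_ca and not bc.critical):
        out.append(f"basicConstraints CA={is_ca}, critical={bool(bc and bc.critical)}")
    return out

def sample_cert(usage, extra_bits=()):
    """Constructed self-signed test certificate built from one Table D-2 row."""
    want, eku_oid = PROFILES[usage]
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "constructed-example")])
    now = datetime.datetime.now(datetime.timezone.utc)
    b = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
         .public_key(key.public_key()).serial_number(x509.random_serial_number())
         .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=1))
         .add_extension(x509.KeyUsage(**{k: k in want or k in extra_bits for k in BITS},
                                      encipher_only=False, decipher_only=False), False))
    if usage == "CA certificate":  # pathLength 3, as for the installation-time root CA
        b = b.add_extension(x509.BasicConstraints(ca=True, path_length=3), True)
    if eku_oid:
        b = b.add_extension(x509.ExtendedKeyUsage([eku_oid]), False)
    return b.sign(key, hashes.SHA256())
```

An empty list from `deviations` means the certificate matches the row; a client certificate that also carries the certificate-signing bit is reported as a Key Usage mismatch.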