The trust attributes of a certificate indicate the following information:

- Whether the certificate (in the case of a client or server certificate) was issued by a Trusted CA.
- Whether the certificate (in the case of a root certificate) can be trusted as the issuer of a server or client certificate.

The three available trust categories for each certificate are expressed in this order: “SSL, email, object signing”. Only the first category is useful for the Gateway. In each category position, zero or more trust attribute codes are used.
The attribute codes for the categories are separated by commas, and the entire set of attributes is enclosed by quotation marks. For example, the self-signed certificate generated and installed during the Gateway installation is marked "u,u,u" which means the certificate is a server certificate (user certificate) and not a root CA certificate.
Table 10–2, Certificate Trust Attributes, lists the possible attribute values and the meaning of each value.
Table 10–2 Certificate Trust Attributes

| Attribute | Description |
|---|---|
| p | Valid peer |
| P | Trusted peer (implies p) |
| c | Valid CA |
| T | Trusted CA to issue client certificates (implies c) |
| C | Trusted CA to issue server certificates (SSL only) (implies c) |
| u | Certificate can be used for authentication or signing |
| w | Send warning (use with other attributes to include a warning when the certificate is used in that context) |
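
The following is an added example, not part of the original documentation. It parses a trust-attribute string in the form described above, applies the "implies" rules from Table 10–2, and summarises the SSL category. The function names and all sample values other than "u,u,u" are assumptions made for illustration.

```python
# Added example: interprets trust strings using only the codes in Table 10-2.
CATEGORIES = ("ssl", "email", "object_signing")  # order given in the text
MEANING = {
    "p": "Valid peer",
    "P": "Trusted peer",
    "c": "Valid CA",
    "T": "Trusted CA to issue client certificates",
    "C": "Trusted CA to issue server certificates",
    "u": "Certificate can be used for authentication or signing",
    "w": "Send warning",
}
IMPLIES = {"P": "p", "T": "c", "C": "c"}  # the "implies" notes in the table


def parse_trust(value):
    """Return {category: set of codes}, with implied codes added."""
    fields = value.strip().strip('"').split(",")
    if len(fields) != len(CATEGORIES):
        raise ValueError(f"expected 3 comma-separated categories, got {len(fields)}")
    parsed = {}
    for name, field in zip(CATEGORIES, fields):
        codes = set(field.strip())  # zero or more single-letter codes
        unknown = codes - set(MEANING)
        if unknown:
            raise ValueError(f"unknown code(s) {sorted(unknown)} in {name}")
        parsed[name] = codes | {IMPLIES[c] for c in codes if c in IMPLIES}
    return parsed


def ssl_summary(value):
    """Summarise the SSL category, the only one the Gateway uses."""
    ssl = parse_trust(value)["ssl"]
    return {
        "codes": sorted(ssl),
        "own_certificate": "u" in ssl,
        "valid_ca": "c" in ssl,
        "issues_server_certs": "C" in ssl,
        "issues_client_certs": "T" in ssl,
        "trusted_peer": "P" in ssl,
        "warn_on_use": "w" in ssl,
    }


if __name__ == "__main__":
    # Constructed sample values; "u,u,u" is the one quoted in the text.
    for sample in ('"u,u,u"', '"CT,,"', '"c,,"', '"Pw,,"'):
        print(sample, ssl_summary(sample))
```

A root certificate whose SSL position lacks `C` or `T` shows up here with `issues_server_certs` or `issues_client_certs` set to false, which makes an audit of the certificate database quick to script.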