About This Guide
Chapter 1 Introduction to Certificate Management System
Chapter 2 Default Demo Installation
Chapter 3 Planning Your Deployment
Chapter 4 Installation Worksheet
Chapter 5 Installation and Configuration
Appendix A Migrating from Certificate Server 1.x
Appendix B Certificate Extensions
Appendix C Certificate Download Specification
Appendix D Using SSL with iPlanet Web Server, Enterprise Edition
Appendix E Export Control Information
Glossary
Index
Netscape Certificate Management System Installation and Deployment Guide:
Previous Next Contents Index Bookshelf


Appendix B Certificate Extensions

This appendix explains both the standard certificate extensions defined by X.509 v3 and the extensions defined by Netscape that were used in versions of products released before X.509 v3 was finalized. It also provides recommendations for extensions to use with specific kinds of certificates, including both PKIX Part 1 recommendations and Netscape extensions that must be supported for compatibility with early versions of Netscape products.

This appendix contains the following sections:
Introduction to Certificate Extensions
An X.509 v3 certificate contains an extensions field that permits any number of additional fields to be added to the certificate. Certificate extensions provide a way of adding information such as alternative subject names and usage restrictions to certificates. Older versions of Netscape browsers and servers taht were developed before PKIX part 1 standards were defined require Netscape-specific extensions.

 The X.509 v1 certificate specification was originally designed to bind public keys to names in an X.500 directory. As certificates began to be used on the Internet and extranets, and directory lookups could not always be performed, problem areas such as the following emerged that were not foreseen in the original specification:

Eventually, the X.509 v3 specification addressed many of these issues by defining a general format for certificate extensions and specifying a number of standard extensions. The X.509 v3 certificate format also allows communities to define private extensions to carry information unique to those communities.

Before the X.509 v3 standard was finalized, Netscape and other companies had to address some of the most pressing issues listed above with their own extension definitions. Therefore, to maintain compatibility with older versions of browsers that were released before the X.509 v3 specification was finalized, certain kinds of certificates should include some of the Netscape extensions. For details, see Recommendations for Extension Use.

The X.500 and X.509 specifications are controlled by the International Telecommunication Union (ITU), an international organization that primarily serves large telecom companies, government organizations, and other entities concerned with the international telecommunications network. The Internet Engineering Task Force (IETF), which controls many of the standards that underlie the Internet, is currently developing public-key infrastructure X.509 (PKIX) standards. These proposed standards further refine the X.509 v3 approach to extensions for use on the Internet. The recommendations for certificates and CRLs have reached proposed standard status, and can be viewed at Internet X.509 Public Key Infrastructure - Certificate and CRL Profile. This document is often referred to as PKIX Part 1.


Recommendations for Extension Use
Most deployments will use some or all of these extensions:

 authorityKeyIdentifier. Identifies the public key corresponding to the private key used to sign a certificate.

basicConstraints. Identifies CA certificates and optionally specifies a maximum certificate chain path length.

cRLDistributionPoints. Defines how CRL information for the certificate is to be obtained.

extKeyUsage. Indicates purpose or purposes for which the certificate may be used, either in addition to or instead of the purposes indicated by the keyUsage extension.

keyUsage. Indicates the purpose or purposes for which the public key certified by the certificate may be used.

netscape-cert-type. Indicates the purpose or purposes for which the certificate may be used. Required only for compatibility with some Netscape products that were released before by X.509 v3 was finalized.

subjectAltName. Specifies one or more alternative names for the identity bound by the CA to the certified public key.

subjectKeyIdentifier. Identifies the public key certified by the certificate.

These extensions, plus others, are described in detail in later sections of this appendix. Additional extensions may be useful for a variety of purposes. However, the extensions listed above are either required or recommended for various kinds of certificates issued by Certificate Management System.

 Table B.1 summarizes guidelines for using these extensions. The table provides a summary only. Each extension is explained in detail later in the Appendix. Click the boldface name of each extension in the table to go to more detailed information. Keep the following in mind as you use the table:

Table B.1 Recommendations for Use of Certificate Extensions with CMS

Certificate type
CA root
Intermediate CA
Issued certificate
SSL client certificate
authorityKeyIdentifier

basicConstraints: true (required)

extKeyUsage: client auth

keyUsage: keyCertSign, cRLSign

netscape-cert-type:
SSL CA (if extension exists, bit must be set)

subjectKeyIdentifier
authorityKeyIdentifier

basicConstraints: true (required)

cRLDistributionPoints

extKeyUsage: client auth

keyUsage: keyCertSign, cRLSign

netscape-cert-type:
SSL CA (required for client authentication with some Netscape servers)

subjectKeyIdentifier
authorityKeyIdentifier

cRLDistributionPoints

extKeyUsage: client auth

keyUsage: digitalSignature

netscape-cert-type:
SSL client (if extension exists, bit must be set; otherwise, not required)

subjectKeyIdentifier
S/MIME client certificate
(single key pair)
authorityKeyIdentifier

extKeyUsage: Email

keyUsage: keyCertSign, cRLSign

netscape-cert-type:
S/MIME CA (if extension exists, bit must be set)

subjectKeyIdentifier
authorityKeyIdentifier

cRLDistributionPoints

extKeyUsage: Email

keyUsage: keyCertSign, cRLSign

netscape-cert-type:
S/MIME CA (if extension exists, bit must be set)

subjectKeyIdentifier
authorityKeyIdentifier

cRLDistributionPoints

extKeyUsage: Email

keyUsage: digitalSignature

netscape-cert-type: S/MIME (if extension exists, bit must be set)

subjectAltName

subjectKeyIdentifier
S/MIME client certificate
(dual key pair)
authorityKeyIdentifier

extKeyUsage: Email

keyUsage: keyCertSign, cRLSign

subjectKeyIdentifier
authorityKeyIdentifier

cRLDistributionPoints

extKeyUsage: Email

keyUsage: keyCertSign, cRLSign

subjectKeyIdentifier
authorityKeyIdentifier

cRLDistributionPoints

extKeyUsage: Email

keyUsage, signing certificate: digitalSignature (required)

keyUsage, encryption certificate: keyEncipherment (required)

subjectAltName

subjectKeyIdentifier
SSL server certificate
authorityKeyIdentifier

extKeyUsage: Server Auth (recommended), Microsoft SGC and Netscape SGC (required for step-up)

keyUsage: keyCertSign, cRLSign

netscape-cert-type:
SSL CA (if extension exists, bit must be set)

subjectKeyIdentifier
authorityKeyIdentifier

cRLDistributionPoints

extKeyUsage: Server Auth (recommended), Microsoft SGC and Netscape SGC (required for step-up)

keyUsage: keyCertSign, cRLSign

netscape-cert-type:
SSL CA (if extension exists, bit must be set)

subjectKeyIdentifier
authorityKeyIdentifier

cRLDistributionPoints

extKeyUsage: Server Auth (recommended), Microsoft SGC and Netscape SGC (required for step-up)

keyUsage: keyEncipherment

netscape-cert-type:
SSL Client, SSL Server (required for some Netscape servers)

subjectAltName

subjectKeyIdentifier
Object signing/Authenticode certificate
authorityKeyIdentifier

extKeyUsage: Code Signing (required for Authenticode)

keyUsage: keyCertSign, cRLSign

netscape-cert-type:
Object-signing CA (required for Object Signing)

subjectKeyIdentifier
authorityKeyIdentifier

cRLDistributionPoints

extKeyUsage: Code Signing (required for Authenticode)

keyUsage: keyCertSign, cRLSign

netscape-cert-type:
Object-signing CA (required for Object Signing)

subjectKeyIdentifier
authorityKeyIdentifier

cRLDistributionPoints

extKeyUsage: Code Signing (required for Authenticode)

keyUsage: digitalSignature

netscape-cert-type:
Object-signing (required for Object Signing)

subjectAltName

subjectKeyIdentifier


Standard X.509 v3 Certificate Extensions
This section summarizes the extension types that are defined as part of the Internet X.509 Version 3 standard, as of September 1998, and indicates which types are recommended by the PKIX working group.

This section summarizes important information about each certificate. For complete details, see both the X.509 v3 standard (available from the ITU) and the Internet X.509 Public Key Infrastructure - Certificate and CRL Profile (RFC 2459),. The descriptions of extensions reference the RFC and section number of the standard draft that discusses the extension; the object identifier (OID) for each extensions is also provided.

Each extension in a certificate can be designated as critical or noncritical. A certificate-using system, such as browser software, must reject the certificate if it encounters a critical extension it does not recognize; however, a noncritical extension can be ignored if it is not recognized.

 The descriptions below contain recommendations for use of the extension from Netscape and Microsoft. The Microsoft recommendations were taken from "Structuring X.509 Certificates for Use with Microsoft Products", dated December 4, 1997.

Certificate Management System (CMS) version support is listed for each extension. "Supported" means that the indicated version of CMS ships with built-in support for the extension via a policy plug-in. "Not supported" means that the indicated version of CMS does not ship a policy plug-in for the extension (although the extension can be used if a custom plug-in is written).

 These are the standard X.509 v3 extensions described in the sections that follow:

 authorityInfoAccess

OID

1.3.6.1.5.5.7.1.1

Reference

http://www.ietf.org/rfc/rfc2459.txt 4.2.2.1

Criticality

This extension must be noncritical.

Discussion

The Authority Information Access extension indicates how and where to access information about the issuer of the certificate. The extension contains an accessMethod and an accessLocation field. The accessMethod specifies (by an OID) the type and format of information about the issuer found at the accessLocation.

PKIX Part 1 defines one accessMethod (id-ad-caIssuers) to get a list of CAs that have issued certificates higher in the CA chain than the issuer of the certificate using the extension. The accessLocation field then typically contains a URL indicating the location and protocol (LDAP, HTTP, FTP) used to retrieve the list.

 The Online Certificate Status Protocol (RFC 2560) defines an accessMethod (id-ad-ocsp) for using OCSP to verify certificates. The accessLocation field then contains a URL indicating the location and protocol used to access an OCSP responder that can validate the certificate.

CMS Version Support

Refer to "Authority Information Access Extension Policy" in Chapter 18 of Netscape Certificate Management System Administrator's Guide.

Netscape Recommendation

Netscape recommends that you add this extension with id-ad-ocsp and the URL for an OCSP responder to every certificate that can be verified using OCSP.

OCSP signing certificates and CA signing certificates should only use the authorityInfoAccess extension to point to an OCSP responder if that responder has been configured to verify them. For example, if there is a hierarchy of responders, a subordinate responder may point to its parent for verification. If a CA signing certificate points to an OCSP responder, that responder's signing certificate should be signed by a different CA (for example, the CA that issued the CA signing certificate in question).

 Microsoft Recommendation

Microsoft products do not currently use on-line revocation checking.

authorityKeyIdentifier

OID

2.5.29.35

Reference

http://www.ietf.org/rfc/rfc2459.txt 4.2.1.1

Criticality

This extension is always noncritical and is always evaluated.

Discussion

The Authority Key Identifier extension identifies the public key corresponding to the private key used to sign a certificate. This extension is useful when an issuer has multiple signing keys (for example, due to CA certificate renewal).

The extension consists of either or both of the following:

 If the keyIdentifier field exists, then it is used to select the certificate with a matching subjectKeyIdentifier extension. If the authorityCertIssuer and authorityCertSerialNumber fields are present, then they are used to identify the correct certificate by issuer and serialNumber.

 If this extension is not present, then the issuer name alone is used to identify the issuer certificate.

PKIX Part 1 requires this extension for all certificates except self-signed root CA certificates. Where a key identifier has not been previously established, PKIX recommends that the authorityCertIssuer and authorityCertSerialNumber fields be specified. These fields permit construction of a complete certificate chain by matching the SubjectName and CertificateSerialNumber fields in the issuer's certificate against the authortiyCertIssuer and authorityCertSerialNumber in the AuthorityKeyIdentifier extension of the subject certificate.

 CMS Version Support

Refer to "Authority Key Identifier Extension Policy" in Chapter 18 of Netscape Certificate Management System Administrator's Guide.

Netscape Recommendation

Netscape recommends that this extension be present in all certificates and that the authorityCertIssuer and authorityCertSerialNumber fields be specified. This extension is not supported by Navigator 3.x, but its presence in a certificate won't interfere with Navigator 3.x.

Microsoft Recommendation

Microsoft recommends that this extension be present in all certificates and that the authorityCertIssuer and authorityCertSerialNumber fields be specified.

basicConstraints

OID

2.5.29.19

Reference

http://www.ietf.org/rfc/rfc2459.txt 4.2.1.10

Criticality

PKIX Part 1 requires that this extension be marked critical. This extension is evaluated regardless of its criticality.

Discussion

This extension is used during the certificate chain verification process to identify CA certificates and to apply certificate chain path length constraints. The cA component should be set to true for all CA certificates. PKIX recommends that this extension should not appear in end-entity certificates.

If the pathLenConstraint component is present, its value must be greater than the number of CA certificates that have been processed so far (starting with the end-entity certificate and moving up the chain). If pathLenConstraint is omitted, then all of the higher level CA certificates in the chain must not include this component when the extension is present.

See CA Certificates and Extension Interactions regarding the interaction of the this extension with the Netscape Certificate Type extension.

CMS Version Support

Refer to "Basic Constraints Extension Policy" in Chapter 18 of Netscape Certificate Management System Administrator's Guide.

Netscape Recommendation

Netscape requires this extension for all CA certificates.

Microsoft Recommendation

Microsoft recommends this extension for all certificates.

certificatePolicies

OID

2.5.29.32

References

http://www.ietf.org/rfc/rfc2459.txt 4.2.1.5

Criticality

This extension may be critical or noncritical.

Discussion

The Certificate Policies extension defines one or more policies, each of which consists of an OID and optional qualifiers. The extension can include a URI to the issuer's Certificate Practice Statement or can embed issuer policy information, such as a user notice in text form. This information can be used by certificate-enabled applications.

If this extension is present, PKIX Part 1 recommends that policies be identified with an OID only, or if necessary only certain recommended qualifiers.

 CMS Version Support

Refer to "Certificate Policies Extension Policy" in Chapter 18 of Netscape Certificate Management System Administrator's Guide.

Netscape Recommendation

Netscape recommends that this extension be included at the discretion of the certificate issuer.

Microsoft Recommendation

Microsoft recommends that this extension be included in all certificates.

cRLDistributionPoints

OID

2.5.29.31

Reference

http://www.ietf.org/rfc/rfc2459.txt 4.2.1.14

Criticality

PKIX recommends that this extension be marked noncritical and that it be supported for all certificates.

Discussion

This extension defines how CRL information for this certificate is to be obtained. It should be used if the system is configured to use CRL issuing points.

If the extension contains a DistributionPointName of type URI, the URI is assumed to be a pointer to the current CRL for the associated reasons and will be issued by the associated cRLIssuer. The expected values for the URI are those defined for the subjectAltName extension. If the distributionPoint omits reasons, the CRL must include revocations for all reasons. If the distributionPoint omits cRLIssuer, the CRL must be issued by the CA that issued the certificate.

PKIX recommends that this extension be supported by CAs and applications.

 CMS Version Support

Refer to "CRL Distribution Points Extension Policy" in Chapter 18 of Netscape Certificate Management System Administrator's Guide.

Netscape Recommendation

Netscape recommends that this extension be supported for all certificates, with the exception of self-signed root CA certificates.

Microsoft Recommendation

Microsoft recommends that this extension be supported.

extKeyUsage

OID

2.5.29.37

Reference

http://www.ietf.org/rfc/rfc2459.txt 4.2.1.13

Criticality

If this extension is marked critical, the certificate must be used for one of the indicated purposes only. If it is not marked critical, it is treated as an advisory field that may be used to identify keys but does not restrict the use of the certificate to the indicated purposes.

Discussion

The Extended Key Usage extension indicates one or more purposes for which the certified public key may be used. These purposes may be in addition to or in place of the basic purposes indicated in the key usage extension.

The Extended Key Usage extension must include OCSP Signing in an OCSP responder's certificate (unless the CA signing key that signed the certificates validated by the responder is also the OCSP signing key). The OCSP responder's certificate must be issued directly by the CA that signs certificates the responder will validate.

 The Key Usage, Extended Key Usage, and Basic Constraints extensions act together to define the purposes for which the certificate is intended to be used. Applications can use these extensions to disallow the use of a certificate in inappropriate contexts.

 Table B.2 lists the uses defined by PKIX for this extension, and Table B.3 lists uses privately defined by Microsoft or Netscape.

Table B.2 PKIX Extended Key Usage Extension Uses

Use
OID
Server authentication
1.3.6.1.5.5.7.3.1
Client authentication
1.3.6.1.5.5.7.3.2
Code signing
1.3.6.1.5.5.7.3.3
Email
1.3.6.1.5.5.7.3.4
Timestamping
1.3.6.1.5.5.7.3.8
OCSP Signing
1.3.6.1.5.5.7.3.9*

* OCSP Signing is not defined in PKIX Part 1, but in RFC 2560, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP."

Table B.3 Private Extended Key Usage Extension Uses

Use
OID
Certificate trust list signing
1.3.6.1.4.1.311.10.3.1
Microsoft Server Gated Crypto (SGC)
1.3.6.1.4.1.311.10.3.3
Microsoft Encrypted File System
1.3.6.1.4.1.311.10.3.4
Netscape SGC
2.16.840.1.113730.4.1

CMS Version Support

Refer to "Extended Key Usage Extension Policy" in Chapter 18 of Netscape Certificate Management System Administrator's Guide.

Netscape Recommendations

Netscape recommends that this extension be supported for all certificates, and requires it for all certificates that support step-up, or Server Gated Crypto (SGC). OCSP Signing should be included in all certificates issued to OCSP responders.

Microsoft Recommendations

Microsoft products interpret this extension as follows. If the extension is not present, the certificate is considered to be valid for any usage (to support backward compatibility with certificates that did not use this extension). Otherwise, interpretation depends on usage, as follows:

Microsoft allows users to control certificate properties that correspond to Extended Key Usage specifications. For example, from the Internet Explorer 4.0 user interface, the user may deselect a CA certificate in a list of CA certificates otherwise trusted for a given usage. Note that the user may only restrict uses, and not add uses that are not supported by the certificate itself. These user settings affect only the interpretation of the certificate on the computer where they are set. They do not affect the certificate itself.

 A given certificate is valid only for the intersection of key usages of all the certificates in the chain to its root (as determined by both the Extended Key Usage extension for each certificate and the corresponding user settings). To be valid for a particular usage, the end-entity certificate and all certificates in the chain must all be valid for that usage.

 issuerAltName

OID

2.5.29.18

Reference

http://www.ietf.org/rfc/rfc2459.txt 4.2.1.8

Criticality

PKIX Part 1 recommends that this extension be marked noncritical.

Discussion

The Issuer Alternative Name extension is used to associate Internet-style identities with the certificate issuer. Names must use the forms defined for subjectAltName.

CMS Version Support

Refer to "Issuer Alternative Name Extension Policy" in Chapter 18 of Netscape Certificate Management System Administrator's Guide.

Netscape Recommendation

Netscape products do not examine this extension.

Microsoft Recommendation

Microsoft products do not examine this extension. Microsoft recommends that authorityKeyIdentifier be used rather than issuerAltName or the certificate's issuer name for the purposes of building certificate chains.

keyUsage

OID

2.5.29.15

Reference

http://www.ietf.org/rfc/rfc2459.txt 4.2.1.3

Criticality

This extension may be critical or noncritical. PKIX Part 1 recommends that it should be marked critical if it is used.

Discussion

The Key Usage extension defines the purpose of the key contained in the certificate. The Key Usage, Extended Key Usage, Basic Constraints, and Netscape Certificate Type extensions act together to specify the purposes for which a certificate can be used. For more information on interactions between these extensions in CA certificates, see CA Certificates and Extension Interactions.

If this extension is included at all, set the bits as follows:

 Table B.4 summarizes the above guidelines for typical certificate uses.

Table B.4 Certificate uses and corresponding Key Usage bits

Purpose of certificate
Required Key Usage bit
CA Signing
keyCertSign
cRLSign
SSL Client
digitalSignature
SSL Server
keyEncipherment
S/MIME Signing
digitalSignature
S/MIME Encryption
keyEncipherment
Certificate Signing
keyCertSign
Object Signing
digitalSignature

If the keyUsage extension is present and is marked critical, then it will be used to enforce the usage of the certificate and key. The extension is used to limit the usage of a key; if the extension is not present or not critical, all types of usage are allowed.

If the keyUsage extension is present (critical or not), it is used to select from multiple certificates for a given operation. For example, it is used to distinguish separate signing and encryption certificates for users who have separate certificates and key pairs for these operations.

CMS Version Support

Refer to "Key Usage Extension Policy" in Chapter 18 of Netscape Certificate Management System Administrator's Guide.

Netscape Recommendation

Netscape recommends this extension for all certificates if their intended purpose or purposes are known. Netscape requires this extension for all dual-key signing certificates.

Microsoft Recommendation

Microsoft recommends this extension for all certificates if their intended purpose or purposes are known. If the extension is absent, Microsoft products will assume the certificate is valid for all usages. If the extension is present, Microsoft products will interpret the extension in the same way whether marked critical or not. If the extension is present, the actual usage must conform to the specified usage.

The only Microsoft application that currently enforces this extension is Microsoft Outlook.

 nameConstraints

OID

2.5.29.30

Reference

http://www.ietf.org/rfc/rfc2459.txt 4.2.1.11

Criticality

PKIX Part 1 requires that this extension be marked critical.

Discussion

This extension, which can used in CA certificates only, defines a name space within which all subject names in subsequent certificates in a certification path must be located.

CMS Version Support

Refer to "Name Constraints Extension Policy" in Chapter 18 of Netscape Certificate Management System Administrator's Guide.

Netscape Recommendation

Netscape products do not currently examine this extension.

Microsoft Recommendation

Microsoft products do not currently examine this extension.

OCSPNocheck

OID

1.3.6.1.5.5.7.48.4

Reference

http://www.ietf.org/rfc/rfc2560.txt 4.2.2.2.1

Criticality

This extension should be noncritical.

Discussion

The extension is meant to be included in an OCSP responder's signing certificate. The extension tells an OCSP client that the signing certificate can be trusted without querying the OCSP responder (since the reply would again be signed by the OCSP responder, and the client would again request the validity status of the signing certificate). This extension is null-valued: its meaning is determined by its presence or absence.

Since the presence of this extension in a certificate will cause OCSP clients to trust responses signed with that certificate, use of this extension should be managed carefully. If the OCSP signing key is compromised, the entire process of validating certificates in the PKI will be compromised for the duration of the validity period of the certificate. Therefore, certificates using OCSPNocheck should be issued with short lifetimes and be renewed frequently.

 CMS Version Support

Refer to "OCSPNocheck Extension Policy" in Chapter 18 of Netscape Certificate Management System Administrator's Guide.

Netscape Recommendation

Netscape recommends using this extension in OCSP responder signing certificates. The validity period should be short enough to minimize the potential impact of a compromised OCSP responder signing key to your organization.

Microsoft Recommendation

Microsoft products do not currently use online status checking.

policyConstraints

OID

2.5.29.36

References

http://www.ietf.org/rfc/rfc2459.txt 4.2.1.12

Criticality

This extension may be critical or noncritical.

Discussion

This extension, which is for CA certificates only, constrains path validation in two ways. It can be used to prohibit policy mapping or to require that each certificate in a path contain an acceptable policy identifier.

PKIX requires that, if present, this extension must never consist of a null sequence. At least one of the two available fields must be present.

 CMS Version Support

Refer to "Policy Constraints Extension Policy" in Chapter 18 of Netscape Certificate Management System Administrator's Guide.

Netscape Recommendations

Netscape products do not currently examine this extension.

Microsoft Recommendations

Microsoft products do not currently examine this extension.

policyMappings

OID

2.5.29.33

References

http://www.ietf.org/rfc/rfc2459.txt 4.2.1.6

Criticality

This extension must be noncritical.

Discussion

The Policy Mappings extension is used in CA certificates only. It lists one or more pairs of OIDs used to indicate that the corresponding policies of one CA are equivalent to policies of another CA. It may be useful in the context of cross-certification.

This extension may be supported by CAs and/or applications.

 CMS Version Support

Refer to "Policy Mappings Extension Policy" in Chapter 18 of Netscape Certificate Management System Administrator's Guide.

Netscape Recommendation

Netscape products do not currently examine this extension.

Microsoft Recommendations

Microsoft products do not currently examine this extension.

privateKeyUsagePeriod

OID

2.5.29.16

Reference

http://www.ietf.org/rfc/rfc2459.txt 4.2.1.4

Discussion

The Private Key Usage Period extension allows the certificate issuer to specify a different validity period for the private key than for the certificate itself. This extension is intended for use with digital signature keys.

PKIX Part 1 recommends against the use of this extension. CAs conforming to PKIX Part 1 must not generate certificates with this extension.

 CMS Version Support

Refer to "Private Key Usage Period Extension Policy" in Chapter 18 of Netscape Certificate Management System Administrator's Guide.

Netscape Recommendation

Netscape recommends against the use of this extension.

Microsoft Recommendation

Microsoft recommends against the use of this extension.

subjectAltName

OID

2.5.29.17

Reference

http://www.ietf.org/rfc/rfc2459.txt 4.2.1.7

Criticality

If the certificate's subject field is empty, this extension must be marked critical.

Discussion

The Subject Alternative Name extension includes one or more alternative (non-X.500) names for the identity bound by the CA to the certified public key. It may be used in addition to the certificate's subject name or as a replacement for it. Defined name forms include Internet electronic mail address (SMTP, as defined in RFC-822), DNS name, IP address, and uniform resource identifier (URI).

PKIX requires this extension for entities that are identified by name forms other than the X.500 distinguished name (DN) used in the subject field. PKIX Part 1 describes additional rules for the relationship between this extension and the subject field.

Email addresses may be provided either in the Subject Alternative Name extension, the certificate subject name field, or both. If the email address is provided as part of the subject name, it must be in the form of the EmailAddress attribute defined by PKCS-9. Software that supports S/MIME must be able to read an email address from either the Subject Alternative Name extension or from the subject name field.

CMS Version Support

Refer to "Subject Alternative Name Extension Policy" in Chapter 18 of Netscape Certificate Management System Administrator's Guide.

Netscape Recommendation

Netscape recommends the use of this extension with all certificates issued by a CA (except for SSL client certificates).

Netscape products read only the first alternative name in this extension, and ignore the rest. For S/MIME certificates, Netscape software first checks the first alternative name in this extension (if the extension is present) for the EmailAddress attribute. If the first alternative name is not an EmailAddress attribute, Netscape software looks for the e= attribute of the DN. If the e= attribute is not present, Netscape software looks for the mail= attribute of the DN.

 Microsoft Recommendation

Microsoft recommends the use of this extension whenever X.500 guidelines are insufficient for naming purposes. Currently, no Microsoft products require the use of Subject Alternative Name. All Microsoft products that support S/MIME are capable of reading email names from this extension or from the subject name. Future versions of Microsoft Exchange Server will issue certificates with X.500 names that do not contain the Email Address attribute, and will place the SMTP address in the Subject Alternative Name extension.

subjectDirectoryAttributes

OID

2.5.29.9

Reference

http://www.ietf.org/rfc/rfc2459.txt 4.2.1.9

Criticality

PKIX Part 1 requires that this extension be marked noncritical.

Discussion

The Subject Directory Attributes extension conveys any desired directory attribute values for the subject of the certificate. It is not recommended as an essential part of the proposed PKIX standard, but may be used in local environments.

CMS Version Support

Refer to "Subject Directory Attributes Extension Policy" in Chapter 18 of Netscape Certificate Management System Administrator's Guide.

Netscape Recommendation

Netscape products do not examine this extension.

Microsoft Recommendation

Microsoft products do not examine this extension.

subjectKeyIdentifier

OID

2.5.29.14

Reference

http://www.ietf.org/rfc/rfc2459.txt 4.2.1.2

Criticality

This extension is always noncritical.

Discussion

The Subject Key Identifier extension identifies the public key certified by this certificate. This extension provides a way of distinguishing public keys if more than one is available for a given subject name, for example after the certificate has been renewed with a new key.

The value of this extension should be calculated by performing a SHA-1 hash of the certificate's DER-encoded subjectPublicKeyInfo, as recommended by PKIX. This extension is used with the form of the authorityKeyIdentifier extension in which the issuer's public key is specified by a hash. In this case the verifier does not need to compute the hash, since it's only necessary to compare the issuer's Subject Key Identifier with the subject's Authority Key Identifier.

PKIX Part 1 requires this extension for all CA certificates and recommends it for all other certificates.

CMS Version Support

Refer to "Subject Key Identifier Extension Policy" in Chapter 18 of Netscape Certificate Management System Administrator's Guide.

Netscape Recommendation

Netscape recommends this extension for all certificates.

Microsoft Recommendation

Microsoft recommends this extension for all certificates.


Standard X.509 v3 CRL Extensions
In addition to certificate extensions, the X.509 v3 proposed standard defines extensions to CRLs, which provide methods for associating additional attributes with Internet CRLs. These are of two kinds: extensions to the CRL itself, and extensions to individual certificate entries in the CRL.

 Extensions for CRLs

The sections that follow describe the CRL extension types that are defined as part of the Internet X.509 v3 Public Key Infrastructure proposed standard, as of September 1998.

These are the CRL extensions described in the sections that follow:

 authorityKeyIdentifier

OID

2.5.29.35

Reference

http://www.ietf.org/rfc/rfc2459.txt 5.2.1

Discussion

The Authority Key Identifier extension for a CRL identifies the public key corresponding to the private key used to sign the CRL. For details, see the discussion under certificate extensions at authorityKeyIdentifier.

CRLNumber

OID

2.5.29.20

Reference

http://www.ietf.org/rfc/rfc2459.txt 5.2.3

Criticality

This extension must not be critical.

Discussion

The CRL Number extension specifies a sequential number for each CRL issued by a CA. It allows users to easily determine when a particular CRL supersedes another CRL.

PKIX requires that all CRLs have this extension.

 deltaCRLIndicator

OID

2.5.29.27

Reference

http://www.ietf.org/rfc/rfc2459.txt 5.2.4

Criticality

PKIX requires that this extension be critical if it exists.

Discussion

The Delta CRL Indicator extension identifies a delta-CRL. The use of delta-CRLs allows changes to be added to the local database while ignoring unchanged information that is already in the local database. This can significantly improve processing time for applications that store revocation information in a format other than the CRL structure.

This extension is used only with delta-CRLs, which are not supported by Certificate Management System.

 issuerAltName

OID

2.5.29.18

Reference

http://www.ietf.org/rfc/rfc2459.txt 5.2.2

Discussion

The Issuer Alternative Name extension allows additional identities to be associated with the issuer of the CRL. For details, see the discussion under certificate extensions at issuerAltName.

issuingDistributionPoint

OID

2.5.29.28

Reference

http://www.ietf.org/rfc/rfc2459.txt 5.2.5

Criticality

PKIX requires that this extension be critical if it exists.

Discussion

The Issuing Distribution Point CRL extension identifies the CRL distribution point for a particular CRL and indicates what kinds of revocation it covers.

PKIX Part I does not require this extension.

CRL Entry Extensions

The sections that follow lists the CRL entry extension types that are defined as part of the Internet X.509 v3 Public Key Infrastructure proposed standard, as of September 1998. All of these extensions are noncritical.

These are the CRL entry extensions described in the sections that follow:

 certificateIssuer

OID

2.5.29.29

Reference

http://www.ietf.org/rfc/rfc2459.txt 5.3.4

Discussion

The Certificate Issuer extension identifies the certificate issuer associated with an entry in an indirect CRL.

This extension is used only with indirect CRLs, which are not supported by Certificate Management System.

 holdInstructionCode

OID

2.5.29.23

Reference

http://www.ietf.org/rfc/rfc2459.txt 5.3.2

Discussion

The Hold Instruction Code extension indicates the action to be taken after encountering a certificate that has been placed on hold.

invalidityDate

OID

2.5.29.24

Reference

http://www.ietf.org/rfc/rfc2459.txt 5.3.3

Discussion

The Invalidity Date extension provides the date on which the private key was compromised or that the certificate otherwise became invalid.

reasonCode

OID

2.5.29.21

Reference

http://www.ietf.org/rfc/rfc2459.txt 5.3.1

Discussion

The Reason Code extension identifies the reason for certificate revocation.


Netscape-Defined Certificate Extensions
Netscape has defined certain certificate extensions for use with Navigator and Communicator. Some of the extensions that have been defined are now obsolete, and others can be superseded by the extensions defined in the X.509 proposed standard. All Netscape extensions should be tagged as noncritical, so that their presence in a certificate does not make that certificate incompatible with other clients.

 The specifications for all Netscape-defined extensions are defined at http://home.netscape.com/eng/security/comm4-cert-exts.html. For most CMS deployments, only netscape-cert-type and netscape-comment need to be supported to maintain compatibility with Navigator 3.x. Therefore, only these two Netscape certificate extensions are described here.

netscape-cert-type

OID

2.16.840.1.113730.1

Discussion

The Netscape Certificate Type extension can be used to limit the purposes for which a certificate can be used. It has been replaced by the X.509 v3 extensions extKeyUsage and basicConstraints, but must still be supported in deployments that include Navigator 3.x clients.

If the extension exists in a certificate, it limits the certificate to the uses specified in it. If the extension is not present, the certificate can be used for all applications except object signing.

The value is a bit-string, where the individual bit positions, when set, certify the certificate for particular uses as follows:

 netscape-comment

OID

2.16.840.1.113730.13

Discussion

The value of this extension is an IA5String. It is a comment that can be displayed to the user when the certificate is viewed.


Adding Extensions in Certificate Management System
When Certificate Management System creates a certificate in response to a certificate request, it can add extensions according to the policiesd defined in extension-specific policy modules. Policy modules are available with the distribution that can be used to add certificate extensions. For more information about policies and extensions, see Chapter 16, "Introduction to Policy," in Netscape Certificate Management System Administrator's Guide.

By default, only noncritical extensions are added to certificates. This ensures that the resulting certificates can be used with all clients. If you add a critical extension, the resulting certificate can only be used by clients that support that extension.

 You can write a policy module to add any extension that Certificate Management System supports. For a summary of the certificate extensions supported by CMS policy modules, see Policy Modules in Chapter 1.


CA Certificates and Extension Interactions
Netscape recommends that all CA certificates contain the basicConstraints extension, as this is the standard way to identify a CA certificate. In addition, to ensure support for Navigator 3.x, CAs should also use netscape-cert-type. These two extensions can interact with each other. The following table describes what different combinations of the two extensions mean.
Extensions Present
Description
Only basicConstraints
The certificate is a CA certificate if the cA component is true. Path length processing is done as described above.
Only netscape-cert-type
The certificate is a CA if at least one of the CA bits is set: SSL CA (5), S/MIME CA (6), or object-signing CA (7). The certificates issued by this CA are limited to the particular applications specified. Path length processing is done as though the pathLenConstraint is unlimited.
Neither extension
The certificate is not a CA.
Both extensions
The certificate is a CA certificate if the cA component of basicConstraints is true. If one or more of the SSL CA (5), S/MIME CA (6), or object-signing CA (7) bits are set in the netscape-cert-type extension, then the CA will be limited to issuing certificates for the specified application areas; otherwise, the CA can issue certificates for any application.

A certificate chain generally consists of an entity certificate, zero or more intermediate CA certificates, and a root CA certificate. Typically the root CA certificate is self-signed and is loaded into Communicator's certificate database as a trusted CA.

An exchange of certificates takes place when performing an SSL handshake, when sending an S/MIME message, or when sending a signed object. As part of the handshake, the sender is expected to send the subject certificate and any intermediate CA certificates needed to link the subject certificate to the trusted root. For certificate chaining to work properly the certificates should have the following properties:

 

Copyright © 2000 Sun Microsystems, Inc. Some preexisting portions Copyright © 2000 Netscape Communications Corp. All rights reserved.