KeyUsageExt Plug-in Module
Chapter
4
Certificate Extension Plug-in Modules
187
Note that you can specify which bits in the extension are to be set on both server
and client sides:
•
On the server side, you set the bits by modifying the appropriate configuration
parameters that are defined in the key usage extension policy.
•
On the client side, bits set in the key usage extension are formed from
pre-defined HTTP input variables that can be embedded as hidden values in
the enrollment forms. You specify which bits are to be set by adding the
appropriate HTTP variables to the enrollment forms. Table 4-14 lists the HTTP
input variables that correspond to key usage extension bits.
During installation, Certificate Management System automatically creates multiple
instances of the key usage extension policy suitable for various types of certificates
that you may want the server to issue. The default instances are named as follows:
•
CMCertKeyUsageExt (For details, see “CMCertKeyUsageExt Rule” on
page 193.)
•
RMCertKeyUsageExt (For details, see “RMCertKeyUsageExt Rule” on
page 194.)
NOTE
For all certificates, the key-usage-bits set on the server side (which
is governed by the policy) override the ones set on the client side.
Table 4-14
HTTP input variables for key usage extension bits
HTTP input variable
Key usage extension bit
digital_signature
digitalSignature (bit 0)
non_repudiation
nonRepudiation (bit 1)
key_encipherment
keyEncipherment (bit 2)
data_encipherment
dataEncipherment (bit3)
key_agreement
keyAgreement (bit4)
key_certsign
keyCertsign (bit5)
crl_sign
cRLSign (bit6)
encipher_only
encipherOnly (bit7)
decipher_only
decipherOnly (bit8)
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...