NSCertTypeExt Plug-in Module
Chapter
4
Certificate Extension Plug-in Modules
213
The Netscape certificate type extension policy has been implemented in such a way
that it enables you to set the appropriate certificate-type bits for certificates being
issued by Certificate Management System. This way, you can restrict the purposes
for which a certificate should be used by adding the extension, with the
appropriate bits set, to the certificate at the time of issuance. For example, if you
want to restrict a certificate to be used for SSL client authentication only, when
issuing the certificate you would add the Netscape certificate type extension to the
certificate with
ssl_client
(bit 0) set. For general guidelines on setting the
Netscape certificate type extension, see “netscape-cert-type” on page 367.
In the current implementation, you can specify whether to add the extension to
certificates on the server side and which bits in the extension are to be set on the
client side—you specify whether to add the extension by enabling the Netscape
certificate type extension policy and which bits are to be set by adding the
appropriate HTTP variables to the enrollment forms.
Bits set in the Netscape certificate type extension are formed from pre-defined
input variables that you can embed as hidden values in the default enrollment
forms (see “Enrollment Forms” on page 53). Table 4-19 lists the HTTP input
variables that correspond to Netscape certificate type extension bits.
During installation, Certificate Management System automatically creates an
instance of the Netscape certificate type extension policy for the various types of
certificates that you may want the server to issue. See “NSCertTypeExt Rule” on
page 217.
Table 4-19
HTTP input variables for Netscape certificate type extension bits
HTTP input variable
Netscape certificate type extension bit
ssl_client
SSL Client (bit 0)
ssl_server
SSL Server (bit 1)
S/MIME (bit 2)
object_signing
Object Signing (bit 3)
Reserved for future use (bit 4)
ssl_ca
SSL CA (bit 5)
email_ca
S/MIME CA (bit 6)
object_signing_ca
Object Signing CA (bit 7)
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...