SubjectKeyIdentifierExt Plug-in Module
242
Netscape Certificate Management System Plug-Ins Guide • March 2002
SubjectKeyIdentifierExt Plug-in Module
The
SubjectKeyIdentifierExt
plug-in module implements the subject key
identifier policy. This policy enables you to configure Certificate Management
System to add the Subject Key Identifier Extension defined in X.509 and PKIX
standard RFC 2459 (see
http://www.ietf.org/rfc/rfc2459.txt
) to certificates.
The extension is used to identify certificates that contain a particular public
key—that is, the extension is used to uniquely identify a certificate from among
several that have the same subject name.
Typically, the subject key identifier extension is used in CA certificates as it helps
determine which CA key is being certified in a CA certificate. To facilitate chain
building, you should consider adding this extension to conforming subordinate
CA certificates (subordinate Certificate Managers’ CA signing certificates) issued
by Certificate Management System. You may also want to consider adding this
extension to other or all certificates. For example, if added to end-entity certificates,
the extension provides a means for identifying certificates containing the particular
public key used in an application. If an end entity has multiple certificates,
especially from multiple CAs, the subject key identifier provides a means to
quickly identify the set of certificates that contain a particular public key.
For general guidelines on setting the subject key identifier extension, see
“subjectKeyIdentifier” on page 356.
attribute<n>.whereT
oGetValue
Specifies from where to get the value for the selected directory attribute.
Permissible values:
Request Attribute
or
Fixed Value
.
• Select
Request Attribute
if you want the server to read the value from
the request attribute.
• Select
Fixed Value
if you want to specify a fixed value for the attribute.
Note that both the options require you to enter the value for the attribute in the
attribute<n>.value
field. The server will set the extension with this value
in all certificates specified by the
predicate
parameter.
Example:
Fixed Value
attribute<n>.value
Specifies the value for the directory attribute to be included in the extension.
Permissible value: A string value for the attribute selected.
Example:
Member of Technical Staff
Table 4-27
Description of parameters defined in the SubjectDirectoryAttributesExt module (Continued)
Parameter
Description
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...