Introduction to Certificate Extensions
Appendix
C
Certificate and CRL Extensions
329
The X.509 v3 standard for certificates also suggests that you can define your own
extensions and include them in certificates you issue. These extensions are called
private, proprietary, or custom extensions and they carry information unique to your
organization or business. Keep in mind that applications may not able to validate
certificates that contain private, critical extensions, thus preventing the use of these
certificates in a general context.
Before the X.509 v3 standard was finalized, Netscape and other companies had to
address some of the most pressing issues listed above with their own extension
definitions. For example, Netscape applications (Netscape Navigator 3.0 or higher,
and Enterprise Server 2.01 or higher) support an extension known as Netscape
Certificate Type Extension that specifies the type of certificate issued, such as
client, server, or object signing. Therefore, to maintain compatibility with older
versions of browsers that were released before the X.509 v3 specification was
finalized, certain kinds of certificates should include some of the Netscape
extensions. For details, see “Recommendations for Certificate Extension Use” on
page 331.
Note that the X.500 and X.509 specifications are controlled by the International
Telecommunication Union (ITU), an international organization that primarily
serves large telecom companies, government organizations, and other entities
concerned with the international telecommunications network. The Internet
Engineering Task Force (IETF), which controls many of the standards that underlie
the Internet, is currently developing public-key infrastructure X.509 (PKIX)
standards. These proposed standards further refine the X.509 v3 approach to
extensions for use on the Internet. The recommendations for certificates and CRLs
have reached proposed standard status and are in a document often referred to as
PKIX Part 1, which can be retrieved from
http://www.ietf.org/rfc/rfc2459.txt
.
Some explanations in this appendix also make reference to Abstract Syntax Notation
One (ASN.1) and Distinguished Encoding Rules (DER). These are specified in the
CCITT Recommendations X.208 and X.209. For a quick summary of ASN.1 and DER,
see
A Layman’s Guide to a Subset of ASN.1, BER, and DER
, which is available at RSA
Laboratories’ web site (
http://www.rsa.com
).
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...