Standard X.509 v3 Certificate Extensions
Appendix
C
Certificate and CRL Extensions
339
authorityInfoAccess
OID
1.3.6.1.5.5.7.1.1
Reference
http://www.ietf.org/rfc/rfc2459.txt
4.2.2.1
Criticality
This extension must be noncritical.
Discussion
The Authority Information Access extension indicates how and where to access
information about the issuer of the certificate. The extension contains an
accessMethod
and an
accessLocation
field. The
accessMethod
specifies (by an
OID) the type and format of information about the issuer found at the
accessLocation
.
PKIX Part 1 defines one
accessMethod
(
id-ad-caIssuers
) to get a list of CAs that
have issued certificates higher in the CA chain than the issuer of the certificate
using the extension. The
accessLocation
field then typically contains a URL
indicating the location and protocol (LDAP, HTTP, FTP) used to retrieve the list.
The Online Certificate Status Protocol (RFC 2560), available at
http://www.ietf.org/rfc/rfc2560.txt
, defines an
accessMethod
(
id-ad-ocsp
) for using OCSP to verify certificates. The
accessLocation
field then
contains a URL indicating the location and protocol used to access an OCSP
responder that can validate the certificate.
CMS Version Support
Refer to “AuthInfoAccessExt Plug-in Module” on page 132.
•
CMS 4.1
: Not supported
•
CMS 4.2
: Supported
•
CMS 4.2-SP2
: Supported
•
CMS 4.5
: Supported
•
CMS 6.0
: Supported
Netscape Recommendation
Netscape recommends that you add this extension with
id-ad-ocsp
and the URL
for an OCSP responder to every certificate that can be verified using OCSP.
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...