Defaults Reference
454
Netscape Certificate Management System Administrator’s Guide • February 2003
For general information about this extension, see “extKeyUsage” on page 727.
The extension identifies one or more purposes—in addition to or in place of the
basic purposes indicated in the key usage extension—for which the certified public
key may be used. For example, if the key usage extension identifies a key to be
used for signing, the extended key usage extension can further narrow down the
usage of the key for signing OCSP responses only or for signing Java applets only.
Note that Windows 2000
TM
allows you to encrypt files on the hard disk, a feature
known as encrypted file system (EFS), using certificates that contain the Extended
Key Usage extension with the following two OIDs:
1.3.6.1.4.1.311.10.3.4
(this OID is for the EFS certificate)
1.3.6.1.4.1.311.10.3.4.1
(this OID is for the EFS recovery certificate)
The EFS recovery certificate is used by a recovery agent when a user loses the
private key and the data encrypted with that key needs to be used. CMS supports
the above two OIDs and allows you to issue certificates containing extended key
usage extension with these OIDs.
Normal user certificates should be created with only the EFS OID, not the recovery
OID.
You can define the following constraints with this default:
•
Extended Key Usage Constraint, see “Extended Key Usage Extension
Constraint,” on page 474
Table 10-4
PKIX usage definitions for the extended key usage extension
Usage
OID
Server authentication
1.3.6.1.5.5.7.3.1
Client authentication
1.3.6.1.5.5.7.3.2
Code signing
1.3.6.1.5.5.7.3.3
1.3.6.1.5.5.7.3.4
IPSec end system
1.3.6.1.5.5.7.3.5
IPSec tunnel
1.3.6.1.5.5.7.3.6
IPSec user
1.3.6.1.5.5.7.3.7
Timestamping
1.3.6.1.5.5.7.3.8
Summary of Contents for Certificate Management System 6.1
Page 1: ...Administrator s Guide Netscape Certificate Management System Version6 1 February 2003...
Page 28: ...Documentation 28 Netscape Certificate Management System Administrator s Guide February 2003...
Page 82: ...Uninstalling CMS 82 Netscape Certificate Management System Administrator s Guide February 2003...
Page 382: ...ACL Reference 382 Netscape Certificate Management System Administrator s Guide February 2003...
Page 794: ...Managing Certificates 794 Managing Servers with Netscape Console December 2001...
Page 810: ...The SSL Handshake 810 Managing Servers with Netscape Console December 2001...
Page 828: ...828 Netscape Certificate Management System Administrator s Guide February 2003...