Netscape Certificate Management System Administrator’s Guide • February 2003
Discussion
The Subject Key Identifier extension identifies the public key certified by this
certificate. This extension provides a way of distinguishing public keys if more
than one is available for a given subject name, for example after the certificate has
been renewed with a new key.
The value of this extension should be calculated by performing a SHA-1 hash of the
certificate’s DER-encoded subjectPublicKey, as recommended by PKIX. The
Subject Key Identifier extension is used in conjunction with the Authority Key
Identifier extension for CA certificates. If the CA certificate has a Subject Key
Identifier extension, the key identifier in the Authority Key Identifier extension (of
the certificate being verified) should match the key identifier of the CA’s Subject
Key Identifier extension. It is not necessary for the verifier to recompute the key
identifier in this case.
PKIX Part 1 requires this extension for all CA certificates and recommends it for all
other certificates.
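The matching rule described above, as an added example (not from the Netscape guide or from CMS itself): it derives a key identifier by the RFC 2459 method, SHA-1 over the value of the subjectPublicKey BIT STRING without its tag, length and unused-bits octet, then picks the issuer among two CA certificates that share a subject name by comparing the stored identifiers rather than recomputing them. The Ed25519 sample keys, the dictionary layout and all function names are constructed for illustration.

```python
import hashlib

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) for the DER element starting at buf[off]."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length

def key_identifier(spki_der):
    """SHA-1 of the subjectPublicKey BIT STRING value, unused-bits octet excluded."""
    tag, spki, _ = read_tlv(spki_der)          # SubjectPublicKeyInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo")
    tag, _, off = read_tlv(spki)               # AlgorithmIdentifier SEQUENCE
    if tag != 0x30:
        raise ValueError("missing AlgorithmIdentifier")
    tag, bits, _ = read_tlv(spki, off)         # subjectPublicKey BIT STRING
    if tag != 0x03 or not bits or bits[0] != 0:
        raise ValueError("bad subjectPublicKey BIT STRING")
    return hashlib.sha1(bits[1:]).digest()

def select_issuer(aki_key_id, ca_certs):
    """Pick the CA certificate whose stored SKI equals the child's AKI key identifier."""
    matches = [ca for ca in ca_certs if ca["ski"] == aki_key_id]
    return matches[0] if len(matches) == 1 else None

def make_spki(raw_key):
    """Constructed Ed25519 SubjectPublicKeyInfo around a 32-byte sample key."""
    return bytes.fromhex("302a300506032b6570032100") + raw_key

# Constructed sample: one CA subject name, two keys (before and after renewal).
OLD_SPKI, NEW_SPKI = make_spki(bytes(range(32))), make_spki(bytes(range(32, 64)))
CA_CERTS = [
    {"subject": "CN=Example CA", "label": "old key", "ski": key_identifier(OLD_SPKI)},
    {"subject": "CN=Example CA", "label": "renewed key", "ski": key_identifier(NEW_SPKI)},
]
LEAF_AKI = key_identifier(NEW_SPKI)            # identifier the CA placed in the leaf's AKI
```

Matching on the subject name alone would return both CA entries here; the key identifier is what singles out the renewed key.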
CMS Version Support
Supported since CMS 4.1. Refer to “SubjectKeyIdentifierExt” on page 562.
Introduction to CRL Extensions
Since its initial publication, the X.509 standard for CRL formats has been amended
to include additional information within a CRL. Version 2, the latest version,
allows you to add information as CRL extensions.
The extensions defined by ANSI X9 and ISO/IEC/ITU for X.509 v2 CRLs [X.509]
[X9.55] enable you to associate additional attributes with CRLs. The Internet X.509
Public Key Infrastructure Certificate and CRL Profile (see
http://www.ietf.org/rfc/rfc2459.txt) recommends a set of extensions to be
used in CRLs. These extensions are called standard CRL extensions.