Defaults Reference
Chapter
10
Certificate Profiles
455
For general information about this extension, see “keyUsage” on page 762.
You can define the following constraints with this default:
•
Key Usage Constraint, see “Key Usage Extension Constraint,” on page 473.
•
Extension Constraint, see “Extension Constraint,” on page 473.
•
No Constraints, see “No Constraint,” on page 475.
Table 10-7
Key Usage Extension Default Configuration Parameters
Parameter
Description
critical
Select true to mark this extension critical; select false to mark the
extension noncritical.
digitalSignature
Specifies whether to allow for signing of SSL client certificates,
S/MIME signing certificates, and object-signing certificates.
Select
true
to set, select
false
to not set.
nonRepudiation
Specifies whether to some S/MIME signing certificates and
object-signing certificates. Note, however, that the use of this bit
is controversial. You should carefully consider the legal
consequences of its use before setting it for any certificate. Select
true
to set, select
false
to not set.
keyEncipherment
Specifies whether to set the extension for SSL server certificates
and S/MIME encryption certificates. Select
true
to set, select
false
to not set.
dataEncipherment
Specifies whether to set the extension when the subjects’s public
key is used to encipher user data (as opposed to key material).
Select
true
to set, select
false
to not set.
keyAgreement
Specifies whether to set the extension whenever the subject’s
public key is used for key agreement. Select
true
to set, select
false
to not set.
keyCertsign
Specifies whether extension for all CA signing certificates. Select
true
to set, select
false
to not set.
cRLSign
Specifies whether to set the extension for CA signing certificates
that are used to sign CRLs. Select
true
to set, select
false
to
not set.
encipherOnly
Specifies whether to set the extension if the public key is to be
used only for enciphering data. If this bit is set,
keyAgreement
should also be set. Select
true
to set, select
false
to not set.
Summary of Contents for Certificate Management System 6.2
Page 1: ...Administrator s Guide Netscape Certificate Management System Version6 2 June 2003...
Page 22: ...22 Netscape Certificate Management System Administrator s Guide June 2003...
Page 30: ...Documentation 30 Netscape Certificate Management System Administrator s Guide June 2003...
Page 84: ...Uninstalling CMS 84 Netscape Certificate Management System Administrator s Guide June 2003...
Page 380: ...ACL Reference 380 Netscape Certificate Management System Administrator s Guide June 2003...
Page 750: ...Object Identifiers 750 Netscape Certificate Management System Administrator s Guide June 2003...
Page 828: ...Managing Certificates 828 Netscape Certificate Manager System Administrator s Guide June 2003...
Page 844: ...The SSL Handshake 844 Netscape Certificate Manager System Administrator s Guide June 2003...
Page 862: ...862 Netscape Certificate Management System Administrator s Guide June 2003...