Chapter 13. Certificate Profiles
318
Parameter
Description
being set; select a hyphen,
-
, to indicate no constraints are
placed for this parameter.
WARNING
Using this bit is controversial. Carefully consider
the legal consequences of its use before setting it
for any certificate.
keyEncipherment
Specifies whether to set the extension for SSL server
certificates and S/MIME encryption certificates. Select
true
to
allow this to be set; select
false
to keep this from being set;
select a hyphen,
-
, to indicate no constraints are placed for
this parameter.
dataEncipherment
Specifies whether to set the extension when the subject's
public key is used to encrypt user data, instead of key material.
Select
true
to allow this to be set; select
false
to keep this
from being set; select a hyphen,
-
, to indicate no constraints
are placed for this parameter.
keyAgreement
Specifies whether to set the extension whenever the subject's
public key is used for key agreement. Select
true
to allow
this to be set; select
false
to keep this from being set; select
a hyphen,
-
, to indicate no constraints are placed for this
parameter.
keyCertsign
Specifies whether the extension applies for all CA signing
certificates. Select
true
to allow this to be set; select
false
to keep this from being set; select a hyphen,
-
, to indicate no
constraints are placed for this parameter.
cRLSign
Specifies whether to set the extension for CA signing
certificates that are used to sign CRLs. Select
true
to allow
this to be set; select
false
to keep this from being set; select
a hyphen,
-
, to indicate no constraints are placed for this
parameter.
encipherOnly
Specifies whether to set the extension if the public key is to be
used only for encrypting data. If this bit is set,
keyAgreement
should also be set. Select
true
to allow this to be set; select
false
to keep this from being set; select a hyphen,
-
, to
indicate no constraints are placed for this parameter.
decipherOnly
Specifies whether to set the extension if the public key
is to be used only for deciphering data. If this bit is set,
keyAgreement
should also be set. Select
true
to allow this
to be set; select
false
to keep this from being set; select
a hyphen,
-
, to indicate no constraints are placed for this
parameter.
Table 13.24. Key Usage Extension Constraint Configuration Parameters
Summary of Contents for CERTIFICATE SYSTEM 7.3 - ADMINISTRATION
Page 15: ...xv Index 525 ...
Page 16: ...xvi ...
Page 38: ...Chapter 1 Overview 16 Figure 1 4 Certificate System Architecture ...
Page 82: ...Chapter 2 Installation and Configuration 60 rpm ev rhpki manage ...
Page 154: ...132 ...
Page 194: ...172 ...
Page 238: ...216 ...
Page 244: ...222 ...
Page 246: ...224 ...
Page 286: ...264 ...
Page 292: ...270 ...
Page 318: ...Chapter 13 Certificate Profiles 296 Parameter IssuerType_n IssuerName_n ...
Page 321: ...Freshest CRL Extension Default 299 Parameter PointName_n PointIssuerName_n ...
Page 398: ...376 ...
Page 412: ...390 ...
Page 472: ...450 ...
Page 506: ...484 ...
Page 528: ...506 ...
Page 546: ...524 ...