Registration of Object Identifiers
326
Netscape Certificate Management System Plug-Ins Guide • March 2002
a certificate practice statement (CPS) of your company. To implement this, you
need to compose the policy statement you want to include in the extension, define
an OID for the policy statement, and configure Certificate Management System
with the OID so that it can add that to the certificate it issues.
The use of an OID registered to another organization or the failure to register an
OID may carry legal consequences, depending on context. Registration may be
subject to fees. For more information, you should contact the appropriate
registration authority.
To define or assign OIDs for your objects, you must know your company’s arc,
which is an OID for a private enterprise. If your company doesn’t have an arc, it
needs to get one. This URL contains information on registering for a company arc:
http://www.isi.edu/cgi-bin/iana/enterprise.pl
To understand why you need to have a company arc, check the information at this
site:
http://www.alvestrand.no/objectid/2.16.840.1.113730.1.13.html
The site contains information on Netscape-defined OID for an extension named
Netscape Certificate Comment. Note that the OID assigned to this extension is
hierarchical and it includes the Netscape company arc, which is
2.16.840.1.113730
. Every OID Netscape owns has this prefix.
When determining whether to add custom extension to certificates, keep in mind
that if the extension exists in a certificate and if it is marked critical, the application
validating the certificate must be able to interpret the extension (including the
optional qualifiers, if any), or else it must reject the certificate. Since it’s unlikely
that all applications will be able to interpret your company’s extensions (embedded
in the form of OIDs), the PKIX standard recommends that the extension be always
marked noncritical. For general guidelines on setting extensions in certificates, see
Appendix C, “Certificate and CRL Extensions.”
Содержание Certificate Management System 6.0
Страница 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Страница 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 126: ...ValidityConstraints Plug in Module 126 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 266: ...LdapSubjAttrMap Plug in Module 266 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 324: ...DNs in Certificate Management System 324 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 370: ...CA Certificates and Extension Interactions 370 Netscape Certificate Management System Plug Ins Guide March 2002...