Introduction to CRL Extensions
Appendix
C
Certificate and CRL Extensions
357
Discussion
The Subject Key Identifier extension identifies the public key certified by this
certificate. This extension provides a way of distinguishing public keys if more
than one is available for a given subject name, for example after the certificate has
been renewed with a new key.
The value of this extension should be calculated by performing a SHA-1 hash of the
certificate’s DER-encoded
subjectPublicKey
, as recommended by PKIX. The
Subject Key Identifier extension is used in conjunction with the Authority Key
Identifier extension for CA certificates. If the CA certificate has a Subject Key
Identifier extension, the key identifier in the Authority Key Identifier extension (of
the certificate being verified) should match the key identifier of the CA’s Subject
Key Identifier extension. It is not necessary for the verifier to recompute the key
identifier in this case.
PKIX Part 1 requires this extension for all CA certificates and recommends it for all
other certificates.
CMS Version Support
Refer to “SubjectKeyIdentifierExt Plug-in Module” on page 242.
•
CMS 4.1
: Supported
•
CMS 4.2
: Supported
•
CMS 4.2-SP2
: Supported
•
CMS 4.5
: Supported
•
CMS 6.0
: Supported
Netscape Recommendation
Netscape recommends this extension for all certificates.
Microsoft Recommendation
Microsoft recommends this extension for all certificates.
Introduction to CRL Extensions
Since its initial publication, the X.509 standard for CRL formats has been amended
to include additional information within a CRL. Version 2, the latest version,
allows you to add information as CRL extensions.
Содержание Certificate Management System 6.0
Страница 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Страница 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 126: ...ValidityConstraints Plug in Module 126 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 266: ...LdapSubjAttrMap Plug in Module 266 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 324: ...DNs in Certificate Management System 324 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 370: ...CA Certificates and Extension Interactions 370 Netscape Certificate Management System Plug Ins Guide March 2002...