Constraints Reference
476
Netscape Certificate Management System Administrator’s Guide • February 2003
Table 10-21
Key Usage Extension Constraint Configuration Parameters
Parameter
Description
critical
Select true allow this extension to be marked critical; select false
to keep this extension from being marked critical. Select true to
allow this to be set; select false to not allow this to be set; select
“-”
to indicate no constraints are placed for this parameter.
digitalSignature
Specifies whether to allow for signing of SSL client certificates,
S/MIME signing certificates, and object-signing certificates.
Select true to allow this to be set; select false to not allow this to
be set; select
“-”
to indicate no constraints are placed for this
parameter.
nonRepudiation
Specifies whether some S/MIME signing certificates and
object-signing certificates. Note, however, that the use of this bit
is controversial. You should carefully consider the legal
consequences of its use before setting it for any certificate. Select
true to allow this to be set; select false to not allow this to be set;
select
“-”
to indicate no constraints are placed for this
parameter.
keyEncipherment
Specifies whether to set the extension for SSL server certificates
and S/MIME encryption certificates. Select true to allow this to
be set; select false to not allow this to be set; select
“-”
to
indicate no constraints are placed for this parameter.
dataEncipherment
Specifies whether to set the extension when the subjects’s public
key is used to encipher user data (as opposed to key material).
Select true to allow this to be set; select false to not allow this to
be set; select
“-”
to indicate no constraints are placed for this
parameter.
keyAgreement
Specifies whether to set the extension whenever the subject’s
public key is used for key agreement. Select true to allow this to
be set; select false to not allow this to be set; select
“-”
to
indicate no constraints are placed for this parameter.
keyCertsign
Specifies whether extension for all CA signing certificates. Select
true to allow this to be set; select false to not allow this to be set;
select
“-”
to indicate no constraints are placed for this
parameter.
cRLSign
Specifies whether to set the extension for CA signing certificates
that are used to sign CRLs. Select true to allow this to be set;
select false to not allow this to be set; select
“-”
to indicate no
constraints are placed for this parameter.
Содержание Certificate Management System 6.1
Страница 1: ...Administrator s Guide Netscape Certificate Management System Version6 1 February 2003...
Страница 28: ...Documentation 28 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 68: ...Support for Open Standards 68 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 82: ...Uninstalling CMS 82 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 166: ...How a Registration Manager Works 166 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 382: ...ACL Reference 382 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 566: ...Managing Policy Plug in Modules 566 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 710: ...1 3 Organization Security Policies 710 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 716: ...Object Identifiers 716 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 762: ...DNs in Certificate Management System 762 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 794: ...Managing Certificates 794 Managing Servers with Netscape Console December 2001...
Страница 810: ...The SSL Handshake 810 Managing Servers with Netscape Console December 2001...
Страница 828: ...828 Netscape Certificate Management System Administrator s Guide February 2003...