OID: XCN_OID_NAME_CONSTRAINTS (2.5.29.30) Polic圜onstraints The extension is used only in a CA certificate. The name constraints extension is used to identify the namespace within which all subject names of certificates in a certificate hierarchy must be located. Interface: IX509ExtensionMSApplicationPolicies This extension is similar to the EnhancedKeyUsage extension but with stricter semantics applied to the parent CA. The Microsoft application policies extension can be used by an application to filter certificates on the basis of permitted use. OID: XCN_OID_KEY_USAGE (2.5.29.15) MSApplicationPolicies For example, you can specify that the public key be used only to create a digital signature, sign a certificate revocation list (CRL), or encrypt another key. The key usage extension can be used to define restrictions on the operations that can be performed by the public key contained in the certificate. The same ASN.1 syntax is used for this extension and the CrlDistributionPoints extension. The freshest CRL extension contains the URI of the delta CRL. OID: XCN_OID_ENHANCED_KEY_USAGE (2.5.29.37) FreshestCRL Interface: IX509ExtensionEnhancedKeyUsage The enhanced key usage extension can be used to define one or more uses of the public key contained in the certificate. OID: XCN_OID_CRL_DIST_POINTS (2.5.29.31) EnhancedKeyUsage The certificate revocation list (CRL) distribution points extension contains the URI of the base certificate revocation list (CRL). OID: XCN_OID_CERT_POLICIES (2.5.29.32) CrlDistributionPoints Interface: IX509ExtensionCertificatePolicies Policies are customized for the requirements of an organization. These are identified by a collection of object identifiers (OIDs). The certificate policies extension can be used to identify the policies under which the certificate has been issued and the purposes for it can be used. OID: XCN_OID_BASIC_CONSTRAINTS2 (2.5.29.19) CertificatePolicies Interface: IX509ExtensionBasicConstraints The basic constraints extension can be used to identify whether the entity can be used as a certification authority (CA) and, if so, the number of subordinate CAs that can exist beneath it in the certificate chain. OID: XCN_OID_AUTHORITY_KEY_IDENTIFIER2 (2.5.29.35) BasicConstraints Interface: IX509ExtensionAuthorityKeyIdentifier The value is typically a SHA-1 hash of the public key. When a CA issues a certificate, the extension value is set equal to the SubjectKeyIdentifier extension in the CA signing certificate. It is used by certificate path building software on a Windows server to find the CA certificate. The authority key identifier extension enables identification of the CA public key that corresponds to the CA private key that signed an issued certificate. OID: XCN_OID_AUTHORITY_INFO_ACCESS (1.3.6.1.5.5.7.1.1) AuthorityKeyIdentifier The extension value contains a sequence of URIs. The authority information access extension identifies how to access CA information and services. OID: XCN_OID_SUBJECT_ALT_NAME2 (2.5.29.17) AuthorityInformationAccess Interface: IX509ExtensionAlternativeNames Example alternative forms include email addresses, DNS names, IP addresses, and URIs. The alternative names extension can be used to define one or more alternative name forms for the subject of the certificate request. The following list identifies the common extensions supported by Microsoft certification authorities, and the object identifiers and interfaces that you can use to create them. The Certificate Enrollment API also provides interfaces derived from IX509Extension to enable you to easily create any of the most common extensions. You can use the IX509Extension interface to define an arbitrary extension.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |