Difference between revisions of "System Certificate Profile Constraints"

From Dogtag
Jump to: navigation, search
m
m (Replaced content with "This page has been moved to https://github.com/dogtagpki/pki/wiki/Configuring-Bootstrap-Profiles.")
 
Line 1: Line 1:
= Overview =
+
This page has been moved to https://github.com/dogtagpki/pki/wiki/Configuring-Bootstrap-Profiles.
 
 
In system certificate profiles the constraint are listed as follows:
 
 
 
<pre>
 
list=2,4,5,6,7,8
 
</pre>
 
 
 
= CA Certificate Validity Default =
 
 
 
<pre>
 
<prefix>.default.class=com.netscape.cms.profile.def.CAValidityDefault
 
<prefix>.default.name=CA Certificate Validity Default
 
<prefix>.default.params.range=7305
 
<prefix>.default.params.startTime=0
 
</pre>
 
 
 
The range unit can be changed with the following property:
 
 
 
<pre>
 
<prefix>.default.params.rangeUnit=<unit>
 
</pre>
 
 
 
Valid values are:
 
* year
 
* month
 
* day (default)
 
* hour
 
* minute
 
 
 
= Validity Default =
 
 
 
<pre>
 
<prefix>.default.class=com.netscape.cms.profile.def.ValidityDefault
 
<prefix>.default.name=Validity Default
 
<prefix>.default.params.range=720
 
<prefix>.default.params.startTime=0
 
</pre>
 
 
 
The range unit can also be changed as in the CA Certificate Validity Default.
 
 
 
= Authority Key Identifier Default =
 
 
 
<pre>
 
<prefix>.default.class=com.netscape.cms.profile.def.AuthorityKeyIdentifierExtDefault
 
<prefix>.default.name=Authority Key Identifier Default
 
<prefix>.default.params.localKey=true
 
</pre>
 
 
 
= Basic Constraints Extension Default =
 
 
 
<pre>
 
<prefix>.default.class=com.netscape.cms.profile.def.BasicConstraintsExtDefault
 
<prefix>.default.name=Basic Constraints Extension Default
 
<prefix>.default.params.basicConstraintsCritical=true
 
<prefix>.default.params.basicConstraintsIsCA=true
 
<prefix>.default.params.basicConstraintsPathLen=-1
 
</pre>
 
 
 
= AIA Extension Default =
 
 
 
<pre>
 
<prefix>.default.class=com.netscape.cms.profile.def.AuthInfoAccessExtDefault
 
<prefix>.default.name=AIA Extension Default
 
<prefix>.default.params.authInfoAccessADEnable_0=true
 
<prefix>.default.params.authInfoAccessADLocationType_0=URIName
 
<prefix>.default.params.authInfoAccessADLocation_0=
 
<prefix>.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
 
<prefix>.default.params.authInfoAccessCritical=false
 
<prefix>.default.params.authInfoAccessNumADs=1
 
</pre>
 
 
 
= Key Usage Default =
 
 
 
<pre>
 
<prefix>.default.class=com.netscape.cms.profile.def.KeyUsageExtDefault
 
<prefix>.default.name=Key Usage Default
 
<prefix>.default.params.keyUsageCritical=true
 
<prefix>.default.params.keyUsageDigitalSignature=true
 
<prefix>.default.params.keyUsageNonRepudiation=true
 
<prefix>.default.params.keyUsageDataEncipherment=true
 
<prefix>.default.params.keyUsageKeyEncipherment=true
 
<prefix>.default.params.keyUsageKeyAgreement=false
 
<prefix>.default.params.keyUsageKeyCertSign=false
 
<prefix>.default.params.keyUsageCrlSign=false
 
<prefix>.default.params.keyUsageEncipherOnly=false
 
<prefix>.default.params.keyUsageDecipherOnly=false
 
</pre>
 
 
 
= Subject Key Identifier Extension Default =
 
 
 
<pre>
 
<prefix>.default.class=com.netscape.cms.profile.def.SubjectKeyIdentifierExtDefault
 
<prefix>.default.name=Subject Key Identifier Extension Default
 
<prefix>.default.params.critical=false
 
</pre>
 
 
 
= Extended Key Usage Extension Default =
 
 
 
<pre>
 
<prefix>.default.class=com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault
 
<prefix>.default.name=Extended Key Usage Extension Default
 
<prefix>.default.params.exKeyUsageCritical=false
 
<prefix>.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1
 
</pre>
 
 
 
= References =
 
 
 
* [https://github.com/dogtagpki/pki/wiki/Certificate-Profile-Constraints Certificate Profile Constraints]
 

Latest revision as of 20:38, 3 August 2022

This page has been moved to https://github.com/dogtagpki/pki/wiki/Configuring-Bootstrap-Profiles.