...
It also contains information (extensions) that supports its role of issuing certificates (CRLDistPoint, BasicConstraints, etc.).
It should also contain the BasicConstraints extension with the CA flag set to true.
...
Top level OID assignments:
| 0 | ITU-T assigned |
| 1 | ISO assigned |
| 2 | Joint ISO/ITU-T assignment |
Secondary level assignments:
| 2.5 | X.500 Directory Services |
Other level assignments:
| 2.5.4 | Object Identifiers for X.500 attribute types |
| 2.5.4.3 | Common Name |
| 2.5.4.5 | Serial Number |
| 2.5.4.6 | Country Name |
| 2.5.4.7 | Locality |
| 2.5.4.8 | State |
| 2.5.4.10 | Organization |
| 2.5.4.11 | Organizational Unit |
| 2.5.29 | Object Identifiers for Version 3 extensions |
| 2.5.29.14 | Subject Key Identifier |
| 2.5.29.15 | Key Usage |
| 2.5.29.17 | Subject Alternative Name |
| 2.5.29.19 | Basic Constraints |
| 2.5.29.35 | Authority Key Identifier |
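
How the OIDs in the tables above appear inside a certificate, as an added example that is not part of the original page: a standard-library DER reader that decodes OBJECT IDENTIFIER octets to dotted form and reports whether an extension is Basic Constraints (2.5.29.19) with the CA flag set to true. The function names and the two hex samples are constructed for illustration.

```python
BASIC_CONSTRAINTS = "2.5.29.19"  # from the table above (added example)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Turn the content octets of an OBJECT IDENTIFIER into dotted form."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # a clear high bit ends the current arc
            arcs.append(value)
            value = 0
    if not arcs or body[-1] & 0x80:
        raise ValueError("malformed OID")
    first = min(arcs[0] // 40, 2)  # first group packs 40 * arc1 + arc2
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def is_ca_extension(ext_der):
    """True only for a Basic Constraints extension whose cA flag is TRUE."""
    tag, ext, _ = read_tlv(ext_der)
    if tag != 0x30:
        raise ValueError("extension must be a SEQUENCE")
    tag, oid, pos = read_tlv(ext)
    if tag != 0x06 or decode_oid(oid) != BASIC_CONSTRAINTS:
        return False
    tag, value, pos = read_tlv(ext, pos)
    if tag == 0x01:  # optional 'critical' BOOLEAN precedes the OCTET STRING
        tag, value, pos = read_tlv(ext, pos)
    if tag != 0x04:
        raise ValueError("extnValue must be an OCTET STRING")
    tag, bc, _ = read_tlv(value)  # empty SEQUENCE: cA defaults to FALSE
    return tag == 0x30 and bool(bc) and read_tlv(bc)[:2] == (0x01, b"\xff")

CA_EXT = bytes.fromhex("300f0603551d130101ff040530030101ff")  # constructed
LEAF_EXT = bytes.fromhex("300c0603551d130101ff04023000")  # constructed
```

In a hex dump, the byte run `06 03 55 1D 13` is therefore the quickest way to spot the Basic Constraints extension.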
...
RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, describes the role of the different key usage extension bits.
CRL Sign is enabled when the public key is used for verifying a signature on a CRL. Enable for CA certificates.
...
