Page History
...
It also contains information (extensions) that support its roles of issuing certificates (CRLDistPoint, BasicConstraints etc...).
It should also contain the BasicConstraints extension with the CA flag set to true.
...
Top level OID assignments:
...
0 | ITU-T assigned |
1 | ISO assigned |
2 | Joint ISO/ITU-T assignment |
Secondary level assignments:
...
2.5 | X.500 Directory Services |
Other level assignments:
...
...
2.5.4
...
...
2.5.4.3
...
Common Name
...
2.5.4.5
...
Serial Number
...
2.5.4.6
...
Country Name
...
2.5.4.7
...
Locality
...
2.5.4.8
...
State
...
2.5.4.10
...
Organization
...
2.5.4.11
...
Organizational Unit
...
...
2.5.29
...
Object Identifiers for Version 3 extensions
...
2.5.29.14
...
Subject Key Identifier
...
2.5.29.15
...
Key Usage
...
2.5.29.17
...
Subject Altervative Name
...
2.5.29.19
...
Basic Constraints
...
2.5.29.35
...
Authority Key Identifier
Certificate viewed using a generic BER viewer:
...
RFC 2459 Internet X.509 Public Key Infrastructure Certificate and CRL Profile describe the role of the different key usage extensions bits.
CRL Sign is enabled when the public key is used for verifying a signature on a CRL. Enable for CA certificates.
...
Non Repudiation is enabled when the public key is used to verify digital signatures. Enable for S/MIME signing certificates and object-signing certificates.
2.5.4 | Object Identifiers for X.500 attributes type |
2.5.4.3 | Common Name |
2.5.4.5 | Serial Number |
2.5.4.6 | Country Name |
2.5.4.7 | Locality |
2.5.4.8 | State |
2.5.4.10 | Organization |
2.5.4.11 | Organizational Unit |
2.5.29 | Object Identifiers for Version 3 extensions |
2.5.29.14 | Subject Key Identifier |
2.5.29.15 | Key Usage |
2.5.29.17 | Subject Altervative Name |
2.5.29.19 | Basic Constraints |
2.5.29.35 | Authority Key Identifier |