This extension is used to associate Internet-style identities with the certificate issuer. The name forms are the same as for the subject alternative name extension. Since the subject alternative name is considered to be definitively bound to the public key, all parts of the subject alternative name must be verified by the CA.Īs with the previous section, this extension field contains one or more alternative names for the certificate issuer. Whenever such identities are bound into a certificate, the subject alternative name (or issuer alternative name) extension must be used. Defined options include an Internet e-mail or EDI address, a DNS name, an IP address and a uniform resource identifier (URI). This extension allows additional identities to be bound to the subject of the certificate. They can also convey additional attribute information about the subject to help a certificate user gain confidence that the certificate applies to a particular person, organisation or device. These extensions support alternative names for certificate subjects and issuers. This extension may be supported by CAs and/or Tapplications, and it must be non-critical.Ħ.5.3.2 Subject and Issuer Attributes Extensions
The policy mapping Etells the issuing CA’s users which policies associated with the subject CA are comparable with the policy they accept. The issuing C ’s users may accept an issuer domain policy for certain applications. The pairing indicates that the issuing CA considers its issuer Adomain policy equivalent to the subject CA’s subject domain policy. Includes an issuer domain policy and Ma subject domain policy. L This extension is used in CA certificates. To promote interoperability, this profile recommends that policy information terms consist Yonly of an OID.
If the certificate policies extension is critical, the path validation software must be able to interpret this extension, or must reject the certificate. Optional qualifiers are not expected to change the definition of the policy.Īpplications with specific policy requirements are expected to list those policies which they will accept and to compare the policy OIDs in the certificate with that list. These policy information terms indicate the policy under which the certificate has been issued and the purposes for which it may be used. This extension contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers.