AuthorityKeyIdentifier
	{
	keyIdentifier		[0] OCTET_STRING	OPTIONAL
	authorityCertIssuer	[1] GeneralNames	OPTIONAL
	authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL
	}

SubjectKeyIdentifier	OCTET_STRING

KeyUsage
	{
	BIT_STRING
		digitalSignature	0
		nonRepudiation		1
		keyEncipherment		2
		dataEncipherment	3
		keyAgreement		4
		keyCertSign		5
		cRLSign			6
		encipherOnly		7
		decipherOnly		8
	}

extKeyUsage
	{
	SEQUENCE of OBJECT_IDENTIFIER
	}

privateKeyUsagePeriod
	{
	notBefore	[0]	GeneralizedTime OPTIONAL
	notAfter	[1]	GeneralizedTime OPTIONAL
	}

certificatePoliciesSyntax
	SEQUENCE of PoliciesInformation

PoliciesInformation	XXX
policyMappings		XXX
supportedAlgorithms	XXX

subjectAltName
	GeneralNames sequence of GeneralName

GeneralName
	{
	otherName	[0] INSTANCE OF OTHER-NAME
	rfc822Name	[1] IA5String
	dNSName		[2] IA5String
	x400Address	[3] ORAddress
	directoryName	[4] Name
	ediPartyName	[5] 
				{
				nameAssigner	[0] DirectoryString OPTIONAL
				partyName	[1] DirectoryString
				}
	uniformResourceIdentifier [6] IA5String
	iPAddress	[7] OCTET_STRING
	registeredID	[8] OBJECT_IDENTIFIER
	}

issuerAltName
	GeneralNames sequence of GeneralName

subjectDirectoryAttributes SEQUENCE of Attribute

basicConstraints
	{
	cA 			BOOLEAN default FALSE
	pathLenConstraint	INTEGER OPTIONAL
	}

nameConstraints
	{
	permittedSubtrees [0] sequence of GeneralSubtree OPTIONAL
	excludedSubtrees [1] sequence of GeneralSubtree OPTIONAL
	}

GeneralSubtree
	{
	base	GeneralName
	minimum	[0] BaseDistance DEFAULT 0
	maximum	[1] BaseDistance OPTIONAL
	}

PolicyConstraints
	{
	requireExplicitPolicy	[0] SkipCerts OPTIONAL
	inhibitPolicyMapping	[1] SkipCerts OPTIONAL
	}
SkipCerts == INTEGER