Supported standards

PKI Services supports the following standards for public key cryptography:

Secure Sockets Layer (SSL) version 2 and version 3, with client authentication
PKCS #10 browser and server certificate format, with a base64-encoded response
IPSEC certificate format
S/MIME certificate format
Browser certificates for:
- 32-bit versions of Microsoft Internet Explorer
- Mozilla-based browsers such as Mozilla Firefox
Server certificates
LDAP standard for communications with the directory
X.509v3 certificates
Certificate revocation lists (CRLv2)
Key lengths up to 4096 bits for the RSA CA signing private keys and up to 1024 bits for DSA keys
RSA algorithms for encryption and signing
DSA algorithms for signing
ECC algorithms for encryption and signing
RFC 2560: Online Certificate Status Protocol - OCSP
RFC 4291: IP Version 6 Addressing Architecture
RFC 4210: Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)
RFC 4211 Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)
Cisco Systems' Simple Certificate Enrollment Protocol (SCEP)

The LDAP standard that PKI Services supports is LDAP Version 2. A directory using LDAP Version 3 (with RFC 1779 syntax) is acceptable if it is backwardly compatible with Version 2.

PKI Services supports the RDNs needed for an Extended Validation (EV) certificate. The criteria for issuing EV certificates are defined by the Guidelines for Extended Validation Certificates produced by the CA/Browser Forum, at http://www.cabforum.org/Guidelines_v1_3.pdf. PKI Services does not enforce these criteria. If you want to issue EV certificates, it is your responsibility to enforce the criteria.