Certificate extensions
PKITP supports the following certificate extensions:
- AuthorityInformationAccess
- Checked for form only.
- AuthorityKeyIdentifier
- Checked for form only.
- BasicConstraints
- For CA certificate, cA flag must be on. Also checked for certification path length.
- CertificatePolicies
- See Certificate policies.
- CRLDistributionPoints
- See Checking certificate status with PKITP.
- HostIdMappings
- Checked for form only.
- IssuerAltName
- Checked for form only. Must be marked critical if the issuer DN is empty.
- KeyUsage
- For CA certificates, the key CertSign flag must be on.
- SubjectAltName
- Checked for form only. Must be marked critical if the subject DN is empty.
- SubjectKeyIdentifier
- Checked for form only.