Certificate Profile Id: | caUserCert |
Certificate Profile Name: | Manual User Dual-Use Certificate Enrollment |
Description: | This certificate profile is for enrolling user certificates. |
Approved: | false |
Approved By: |
Policy Information:
Policy Set: userCertSet
# | Extensions / Fields | Constraints |
1 | This default populates a User-Supplied Certificate Subject Name to the request. |
This constraint accepts the subject name that matches CN=.* |
2 | This default populates a Certificate Validity to the request. The default values are Range=180 in days |
This constraint rejects the validity that is not between 365 days |
3 | This default populates a User-Supplied Certificate Key to the request. |
This constraint accepts the key only if Key Type=-, Key Min Length=256, Key Max Length=4096 |
4 | This default populates an Authority Key Identifier Extension (2.5.29.35) to the request. |
No Constraint |
5 | This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true} |
No Constraint |
6 | This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false |
This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false |
7 | This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 |
No Constraint |
9 | This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA1withRSA |
This constraint accepts only the Signing Algorithms of SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC |
12 | This default populates a CRL Distribution Points Extension (2.5.29.31) to the request. The default values are Criticality=false, Record #0{Point Type:http://crl.company.com:80,Point Name:URIName,Reasons:unused,superseded,Issuer Type:http://pkica.company.com,Issuer Name:URIName,Enable:true}Record #1{Point Type:,Point Name:,Reasons:,Issuer Type:,Issuer Name:,Enable:false}Record #2{Point Type:,Point Name:,Reasons:,Issuer Type:,Issuer Name:,Enable:false}Record #3{Point Type:,Point Name:,Reasons:,Issuer Type:,Issuer Name:,Enable:false}Record #4{Point Type:,Point Name:,Reasons:,Issuer Type:,Issuer Name:,Enable:false} |
No Constraint |