S.E.E. PKI: Key Certificate Policy v1.91

7 Certificate and CRL Profiles

7.1 Certificate Profile

137. All certificates must be X.509 Version 3 in accordance with the PKIX Certificate and CRL Profile.

138. The PKI End-Entity software must support all the base (non-extension) X.509 fields as well as the certificate extensions identified in section 4.2.2 of the PKIX certificate profile.

139. The CRL Distribution Point (CDP) defined in each certificate must specify the location of the CRL and the protocol used to address and obtain it (either HTTP or LDAP).

140. The Authority Information Access extension should specify an OCSP service, and if specified, must specify HTTP or HTTPS as the protocol.

141. The Certificate Policies extension must specify the appropriate Certificate Policy OID as per Section 1.2, for all certificates issued under this policy.
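
The following is an added example, not part of the policy or of any S.E.E. PKI software: a small conformance check for clauses 137 and 139 to 141, run over certificate fields that have already been decoded. The dict layout, the function names, the `example.invalid` hosts and the policy OID (a placeholder from the 2.999 example arc, standing in for the OID defined in Section 1.2) are assumptions.

```python
from urllib.parse import urlsplit

# Placeholder from the 2.999 example arc; the real policy OID is set in
# Section 1.2 of the policy, which is not part of this page.
POLICY_OID = "2.999.1"

def _bad_uris(uris, allowed):
    """URIs with no host or a scheme outside `allowed` (this example reads
    "location" in clause 139 as requiring a host in the URI)."""
    parsed = [(u, urlsplit(u)) for u in uris]
    return [u for u, p in parsed if p.scheme not in allowed or not p.netloc]

def check_profile(cert, policy_oid=POLICY_OID):
    """Return (clause, severity, message) findings for one certificate.

    `cert` is a hypothetical dict of decoded fields: version (3 for X.509 v3,
    which DER encodes as 2), cdp_uris, ocsp_uris, policy_oids (lists of str).
    """
    findings = []
    if cert.get("version") != 3:
        findings.append((137, "fail", "certificate is not X.509 version 3"))
    cdp = cert.get("cdp_uris", [])
    if not cdp:
        findings.append((139, "fail", "no CRL Distribution Point"))
    for uri in _bad_uris(cdp, {"http", "ldap"}):
        findings.append((139, "fail", f"CDP is not HTTP or LDAP with a host: {uri}"))
    ocsp = cert.get("ocsp_uris", [])
    if not ocsp:
        # Clause 140 says "should", so a missing responder is only a warning.
        findings.append((140, "warn", "no OCSP responder in AIA"))
    for uri in _bad_uris(ocsp, {"http", "https"}):
        findings.append((140, "fail", f"OCSP URI is not HTTP or HTTPS: {uri}"))
    if policy_oid not in cert.get("policy_oids", []):
        findings.append((141, "fail", f"policy OID {policy_oid} is missing"))
    return findings

# Constructed sample inputs, not taken from real certificates.
GOOD = {"version": 3, "cdp_uris": ["http://crl.example.invalid/ca.crl"],
        "ocsp_uris": ["http://ocsp.example.invalid/"], "policy_oids": ["2.999.1"]}
BAD = {"version": 1, "cdp_uris": ["ftp://crl.example.invalid/ca.crl"],
       "ocsp_uris": ["ldap://ocsp.example.invalid/"], "policy_oids": ["2.999.2"]}

if __name__ == "__main__":
    for name, cert in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_profile(cert) or "conforms")
```
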

7.2 CRL Profile

142. All CRLs must be X.509 Version 2 in accordance with the PKIX Certificate and CRL Profile.

