Certificate template structure

Item	Possible values
Types of certificates	Client authentication TLS/SSL
Signature algorithms	SHA 256 RSA SHA384 RSA SHA512 RSA SHA256 ECDSA SHA384 ECDSA SHA512 ECDSA
Key types	RSA 2048-bit RSA 3072-bit RSA 4096-bit ECC secp256r1 ECC secp384r1 ECC secp512r1
Subject attributes	common name organization name organization unit street address postal code locality state country email unstructured name unstructured address serial number unique description domain component
Extensions
Key usage: critical, required, and optional	RSA digital signature nonrepudiation key encipherment data encipherment ECDSA digital signature nonrepudiation key agreement encipher only decipher only
Extended key usage: critical, required, and optional	client authentication server authentication code signing email protection smartcard logon
SAN (subject alternative name)	Domain name system (DNS) name User principle name Email Other names raw types hardware module name
Certificate policies: critical, required, and optional	CPS URI User notice OIDs
Subject directory attributes
SKI extensions
Basic constraints	CA certificate Path length
Renewal settings for valid, expired, and revoked certificates	Renew before expiration Renew after expiration window Renewal key pair New key pair Same key pair
Serial number size	16 to 20 integers
Validity	Minimum validity Maximum validity Expiration date designated validity

In deze sectie:

Zoekresultaten