Skip to main content

Certificate policies

Certificate policies allow you to define the certificate policies extensions in the certificate.

Example JSON: Certificate policies

{
  ...
  "extensions": {
    "certificate_policies": {
      "critical": false,
      "include": "yes",
      "source": [
        "request",
        "template"
      ],
      "value": [
        {
          "oid":"1.2.4.5",
          "cps_uri":"https://www.digicert.com/cps",
          "user_notice":"Legal notice"
        }, {
          "oid":"1.2.615.4"
        }
      ],
    "required":
    [
      {
      "oid":"2.23.140.1.2.2"
      }, {
      "oid":"2.23.140.1.2.3"
      }, {
      "oid":"2.23.140.1.1"
      }, {
      "oid":"2.23.140.1.2.1"
      }
    ],
    "optional":
    [
      {
      "oid":"2.23.140.1.2.200"
      }, {
      "oid":"2.23.140.1.2.201"
      }
      ]
    }
  }
}

Parameters: Certificate policies

Name	Type	Req/Opt	Description
certificate_policies	object	optional	Certificate policies extension details
.. critical	boolean	optional	If true (default), the certificate policies extension is critical. If false(default), the key certificate policies extension is not critical.
.. include	string	optional	Define if certificate policies should be included in the certificate. Possible values: `yes`: include certificate policies in the certificate `optional`: if provided, include certificate policies in the certificate `no`: do not include certificate policies in the certificate `default`: Use the "include" setting from the intermediate certificate authority (CA) certificate
.. source	array of strings	optional	Define the allowed sources for the `certificate_policies` value. Can include one or more of the values listed below in priority order, where `request` is the highest and `ca_config` is the least: `request`: use the values provided in the certificate request `template`: use the fixed values provided in the certificate template (see the value parameter below) `issuer`: use the values from the issuing certificate authority (CA) certificate (intermediate CA or root CA) `ca_config`: use the values from the intermediate CA certificate configuration Multiple sources If more than one source is specified and each source provides values, then only the values from the source with the highest priority will be used. For example, if request and `fixed_value` are listed, and both have values, the values from request will be used since it has the higher priority.
.. value	object	optional	List of certificate policies values that may be included in the certificate if source type is set to template
.. .. oid	string	required	Policy OID
.. .. cps_uri	string	optional	URI to access the CPS statement
.. .. user_notice	string	optional	User notice
.. required	object	optional	List of certificate policies values to always include in the certificate regardless of source type
.. .. oid	string	required	Policy OID
.. .. cps_uri	string	optional	URI to access the CSP statement
.. .. user_notice	string	optional	User notice
.. optional	object	optional	List of certificate policies values that can be used if the source type is request. If the list is empty and the source type is request, then any policy can be passed. If the source type is request and this list has any entries, then the requested policies OIDs must be in this list. The URI and Notice come from the certificate template's optional list and not the request, which means the request only indicates which policies to include but does not define the policies.
.. .. oid	string	required	Policy OID
.. .. cps_uri	string	optional	URI to access the CPS statement
.. .. user notice	string	optional	User notice

本节内容如下:

Was this helpful?