Oracle® Application Server Certificate Authority Administrator's Guide
10g Release 2 (10.1.2) B14080-02
Oracle Application Server Certificate Authority is compliant with the X.509 V3 and IETF's PKIX standards, and supports standard extensions as described in this Appendix.
OracleAS Certificate Authority enables users to select the function of a requested certificate to fit their intended applications and their enterprise policies. The default as shipped is "Authentication, Encryption, and Signing," but the administrator can configure a different choice, which then becomes the preselected default for that site. Table D-1 shows the possible choices:
Table D-1 Types of Certificate Usage
Function | Description |
---|---|
Authentication | Enables secure identification when requesting or providing access or services, such as when logging into an enterprise portal. (Typically, the SSL protocol is used.) |
Encryption | Enables encrypting and decrypting electronic documents. |
Signing | Enables verifiable signature for (and assures non-tampering of) electronic documents, including email (using S/MIME, the Secure Multipurpose Internet Mail Extension). |
Authentication, Encryption | Certificate can be used for both purposes. |
Authentication, Signing | Certificate can be used for both purposes. |
Authentication, Encryption, and Signing | Certificate can be used for all three purposes. |
Encryption, Signing | Certificate can be used for both purposes. |
CA Signing | Used to sign users' certificates or Certificate Revocation List (CRL). |
Code Signing | Provides verifiable signature for the provider of (and assures non-tampering of) Java code, JavaScript, and other signed files. |
Certain policies apply to certificates intended for particular uses, as described in Table D-2.
Table D-2 Policies Applied for Particular Certificate Usages
Certificate Usage | Basic Constraints (Critical) | Key Usage (Non Critical) | Extended Key Usage (Non Critical) | Subject Alternate Name (Non Critical) |
---|---|---|---|---|
CA certificate | CA flag set to true. PathLength: root CA (generated during installation), value hardcoded to 3; root CA (generated using | Signing Certificates (Keys), Signing CRLs | | |
Client Authentication | | Digital Signature | | rfc822Name=email AND/OR otherName=UID |
Server Authentication | | Digital Signature, Key Encipherment | | rfc822Name=email AND/OR otherName=UID |
Signing | | Digital Signature, Non-Repudiation | | rfc822Name=email AND/OR otherName=UID |
Encryption | | Data Encipherment, Key Encipherment | emailProtection | |
Code Signing | | Digital Signature | | rfc822Name=email AND/OR otherName=UID |
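The Key Usage column of Table D-2 can be used to audit issued certificates: decode the KeyUsage BIT STRING and flag any bits outside the profile for the certificate's usage. The following is an added example, not Oracle code; the function names, the RFC 5280 bit names chosen for the table's wording, and the sample byte strings are assumptions of the example.

```python
# Added example: audit a certificate's KeyUsage extension against Table D-2.
# Bit names follow RFC 5280; mapping them to the table's wording is assumed.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
]

# Key Usage column of Table D-2, keyed by the Certificate Usage column.
TABLE_D2_KEY_USAGE = {
    "CA certificate": {"keyCertSign", "cRLSign"},
    "Client Authentication": {"digitalSignature"},
    "Server Authentication": {"digitalSignature", "keyEncipherment"},
    "Signing": {"digitalSignature", "nonRepudiation"},
    "Encryption": {"dataEncipherment", "keyEncipherment"},
    "Code Signing": {"digitalSignature"},
}


def decode_key_usage(der: bytes) -> set:
    """Decode the DER BIT STRING inside a KeyUsage extension value."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length, unused, payload = der[1], der[2], der[3:]
    if length >= 0x80 or length != len(payload) + 1 or unused > 7:
        raise ValueError("malformed BIT STRING")
    total_bits = len(payload) * 8 - unused
    names = set()
    for i, name in enumerate(KEY_USAGE_BITS):
        # DER numbers bits from the most significant bit of the first octet.
        if i < total_bits and payload[i // 8] & (0x80 >> (i % 8)):
            names.add(name)
    return names


def audit_key_usage(usage: str, der: bytes) -> dict:
    """Return the bits missing from, and extra to, the Table D-2 profile."""
    expected = TABLE_D2_KEY_USAGE[usage]
    actual = decode_key_usage(der)
    return {"missing": sorted(expected - actual),
            "unexpected": sorted(actual - expected)}


# Constructed sample values (hand-encoded KeyUsage BIT STRINGs).
SERVER_OK = bytes.fromhex("030205a0")  # digitalSignature + keyEncipherment
OVERBROAD = bytes.fromhex("03020186")  # digitalSignature + keyCertSign + cRLSign

if __name__ == "__main__":
    print(audit_key_usage("Client Authentication", OVERBROAD))
```

An end-entity certificate that reports `keyCertSign` or `cRLSign` as unexpected carries CA signing rights that the table reserves for the CA certificate row.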