
This is an old revision of the document!


Public Key Infrastructure

Good extensions for certificates

Root CA

        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                xx:xx:xx:xx:xx:xx:xx:xx:xx:...:xx:xx:xx
            

Intermediate CA

Serial Number:
    xx:xx:xx:xx:...:xx
X509v3 extensions:
	X509v3 Key Usage: critical
		Certificate Sign, CRL Sign
	X509v3 Basic Constraints: critical
		CA:TRUE, pathlen:0
	X509v3 Subject Key Identifier:
		xx:xx:xx:xx:...:xx
	X509v3 Authority Key Identifier:
		keyid:xx:xx:xx:xx:...:xx

	Authority Information Access:
		OCSP - URI:http://ocsp.example.com/root

	X509v3 CRL Distribution Points:
		Full Name:
		  URI:http://crl.example.com/root.crl

	X509v3 Certificate Policies:
		Policy: X509v3 Any Policy
		  CPS: https://www.example.com/repository/
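
The two extension profiles above can be written as OpenSSL configuration sections (x509v3_config syntax). This is an added example, not part of the original page; the section names `v3_root_ca`, `v3_intermediate_ca` and `intermediate_policy` are assumptions, and the URLs are the placeholder ones from the listing.

```ini
# Added example: extension sections for openssl.cnf.
# Section names are assumptions; URLs are the example.com placeholders
# shown in the listings above.

[ v3_root_ca ]
# Root CA: may sign certificates and CRLs only, no path length limit.
keyUsage               = critical, keyCertSign, cRLSign
basicConstraints       = critical, CA:TRUE
subjectKeyIdentifier   = hash

[ v3_intermediate_ca ]
# Intermediate CA: pathlen:0 means it may issue end-entity
# certificates but no further subordinate CAs.
keyUsage               = critical, keyCertSign, cRLSign
basicConstraints       = critical, CA:TRUE, pathlen:0
subjectKeyIdentifier   = hash
# keyid:always makes signing fail if the issuer (root) has no
# Subject Key Identifier to copy.
authorityKeyIdentifier = keyid:always
# Revocation pointers refer to the issuer (the root), because they
# describe where to check the status of this intermediate certificate.
authorityInfoAccess    = OCSP;URI:http://ocsp.example.com/root
crlDistributionPoints  = URI:http://crl.example.com/root.crl
certificatePolicies    = @intermediate_policy

[ intermediate_policy ]
policyIdentifier = anyPolicy
CPS.1            = https://www.example.com/repository/
```

Select a section with the `-extensions` option of `openssl req -x509` or `openssl ca`, then compare the output of `openssl x509 -noout -text` against the listings above.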

User certificate

Server certificate

OCSP certificate

About CRLs

Commands

setup/pki.1627568850.txt.gz · Last modified: 2021/07/29 16:27 by root
