Server Authentication Certificate Profile (Public TLS Certificates)

| Field | Value |
| --- | --- |
| Version | V3 (2) |
| Serial Number | Must be a unique positive integer with a minimum of 64 bits |
| Issuer Signature Algorithm | sha256WithRSAEncryption {1 2 840 113549 1 1 11} |
| Issuer Distinguished Name | Unique X.500 Issuing CA DN as specified in Section 7.1.4 of this CP |
| Validity Period | Expressed in UTC Time for dates until end of 2049 and Generalized Time for dates thereafter<br>No longer than 36 months from date of issue |
| Subject Distinguished Name | Unique X.500 CA DN as specified in Section 7.1.4 of this CP<br><br>Geo-political SDNs:<br>CN (optional) (deprecated in favor of Subject Alternative Names): if present, must match IP address or FQDN listed in subjectAltName extensions<br>Organization Name (optional): if present, must contain legal name of subject<br>Organization Unit (optional)<br>Country (required): two-letter ISO 3166-1 country code - US<br><br>Domain Component Names:<br>If present, TLD must be .mil or .gov and name must contain second level domain IAW registry.<br>(In each X.500 DN, each RDN is a printableString where possible and contains a single attribute type and attribute value tuple. RDNs of type DC are encoded as IA5String.) |
| Subject Public Key Information | Public key algorithm associated with the public key.<br>May be either RSA or elliptic curve.<br>RSA Encryption {1.2.840.113549.1.1.1}<br>Elliptic curve key {1.2.840.10045.2.1}<br>Parameters:<br>For RSA, parameters field is populated with NULL.<br>For ECC, implicitly specify parameters through an OID associated with a NIST approved curve referenced in 800-78-1:<br>Curve P-256 {1.2.840.10045.3.1.7}<br>Curve P-384 {1.3.132.0.34}<br>Curve P-521 {1.3.132.0.35}<br><br>For RSA public keys, modulus must be 2048, 3072, or 4096 bits, an odd integer, not the power of a prime, with no factors < 752. Public exponent must be an odd integer ≥ 3 (recommended that it be between 2<sup>16</sup>+1 and 2<sup>256</sup>-1). (Source: Appendix A, CA/Browser Forum, Baseline Requirements)<br>For ECC, public key must be at least 224 bits. |
| Issuer Signature | sha256WithRSAEncryption {1 2 840 113549 1 1 11} |

| Extension | Required | Critical | Value |
| --- | --- | --- | --- |
| Authority Key Identifier | Mandatory | False | Octet String: Derived using the SHA-1 hash of the Issuer’s public key. Must match SKI of issuing CA Certificate |
| basicConstraints | Optional | True | If present:<br>C=yes, cA=False |
| Subject Key Identifier | Mandatory | False | Octet String<br>Derived using SHA-1 hash of the public key |
| Key Usage | Mandatory | True | Required Key Usage:<br>Digital Signature<br><br>Optional Key Usage:<br>Key Encipherment for RSA Keys<br>Key Agreement for Elliptic Curve<br><br>Prohibited Key Usage:<br>keyCertSign and cRLSign |
| Extended Key Usage | | False | Required Extended Key Usage:<br>Server Authentication id-kp-serverAuth {1.3.6.1.5.5.7.3.1}<br><br>Optional Extended Key Usage:<br>Client Authentication id-kp-clientAuth {1.3.6.1.5.5.7.3.2}<br>Additional EKUs may be included that are consistent with Server authentication<br><br>Prohibited Extended Key Usage:<br>anyEKU EKU {2.5.29.37.0}<br>all others |
| Certificate Policies | Mandatory | False | Required Certificate Policy Fields:<br>At least one certificate policy OID defined or listed in Section 1.2 of the CP<br><br>Optional Certificate Policy Fields:<br>certificatePolicies:policyQualifiers<br>policyQualifierId id-qt 1<br>qualifier:cPSuri |
| Subject Alternative Name | Optional | False | |
| Authority Information Access | Mandatory | False | Required AIA Fields<br>OCSP<br>Publicly accessible URI of Issuing CA's OCSP responder, accessMethod = {1.3.6.1.5.5.7.48.1}<br><br>Id-ad-caIssuers<br>Publicly accessible URI of Issuing CA’s certificate, accessMethod = {1.3.6.1.5.5.7.48.2}<br>Shall include at least 1 instance of an HTTP URL |
| CRL Distribution Points | Mandatory | False | At least one HTTP URI to the location of a publicly accessible CRL. The reasons and cRLIssuer fields must be omitted. |
| nameConstraints | Optional | False | If present, any combination of permitted and excluded subtrees may appear. If permitted and excluded subtrees overlap, the excluded subtrees take precedence.<br>Permitted dnsNames should be included.<br>IP addresses should all be excluded. |
| IssuerAltName | Optional | False | |
| Subject Directory Attributes | Optional | False | |
| Private Extensions | Optional | False | Must not cause interoperability issues. Only extensions that have context for use on the public Internet. CA must be aware of reason for including in the certificate. |
| Private Key Usage Period | Optional | False | |
| Transparency Information | Mandatory | False | Must include one or more SCTs or inclusion proofs.<br>From RFC 6962-bis (1.3.101.75); contains one or more "TransItem" structures in a "TransItemList" |
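
An added example, not part of this profile or its repository: a standard-library Python check of an RSA public key against the RSA rules in the Subject Public Key Information row. Treating a prime modulus as a "power of a prime" (exponent 1), the error labels, and `SAMPLE_N` are assumptions of this example.

```python
import math, random

ALLOWED_BITS = (2048, 3072, 4096)   # modulus sizes the profile permits
SMALL_FACTOR_BOUND = 752            # profile: "no factors < 752"
# Constructed sample (not a real key): product of six Mersenne primes, 2048 bits.
SAMPLE_N = math.prod(2**a - 1 for a in (13, 19, 89, 127, 521, 1279))

def is_probable_prime(m, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if m < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if m % p == 0:
            return m == p
    d, s = m - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, m - 1), d, m)
        if x in (1, m - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, m)
            if x == m - 1:
                break
        else:
            return False   # this base proves m composite
    return True

def iroot(n, k):
    """Largest integer r with r**k <= n, by binary search (n >= 1)."""
    lo, hi = 1, 1 << (n.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** k <= n else (lo, mid - 1)
    return lo

def check_rsa_key(n, e):
    """Return (errors, warnings) for modulus n and public exponent e."""
    # Assumption: "power of a prime" means n == p**k for prime p and any k >= 1.
    prime_power = any(iroot(n, k) ** k == n and is_probable_prime(iroot(n, k))
                      for k in range(1, n.bit_length() + 1))
    checks = [("modulus size", n.bit_length() not in ALLOWED_BITS),
              ("modulus even", n % 2 == 0),
              ("small factor", any(n % d == 0 for d in range(2, SMALL_FACTOR_BOUND))),
              ("prime power", prime_power),
              ("exponent", e < 3 or e % 2 == 0)]
    errors = [name for name, failed in checks if failed]
    warn = "exponent" not in errors and not 2**16 + 1 <= e <= 2**256 - 1
    return errors, ["exponent outside recommended range"] if warn else []
```

The exponent range is reported as a warning because the profile only recommends it; every other rule is reported as an error.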