McAfee MEJCAE-AM-DA Product Guide - Page 53
Specifying certificate attributes, Attribute Name, Description
View all McAfee MEJCAE-AM-DA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 53 highlights
Working with X.509 Certificates Common X.509 options The following information appears: The issuer's DN Signed Key : Scott Tibson Signed User ID: Scott Tibson Signed Key ID : 0x196DE730 (0xFBC4D3B5196DE730) Name: CN=Scott Tibson, [email protected], O=McAfee, OU=EBS Issuer: CN=Root CA, [email protected] Signer Key ID: 0xD7C74275 (0x03534DC9D7C74275) Type: X.509 Exportable: Yes Created: 2001-06-01 Expires: 2002-06-01 Last CRL: N/A Next CRL: N/A The issuer assigned serial number Trust Depth: Serial Number: 0 9170E2A076CF0C8B4938 Specifying certificate attributes When you request an X.509 certificate from a public Certificate Authority (CA), or when you issue an X.509 certificate using E-Business Server, you can include certificate attributes, additional bits of information about the certificate that may be added to the certificate as per the CA's certification policies. To add certificate attributes to the certificate you are requesting or creating, include the --cert-attribute modifier. Valid X.509 attributes include-but are not limited to-the email address of the certificate holder (E), the name of the company to which the certificate belongs (O), the unit or group within the company to which the certificate belongs (OU), and the location of the company to which the certificate belongs (L). Certificate attributes are entered in name=value format. Name represents the type of attribute you want to define such as E, O, OU, or L. You can enter the complete attribute name (as one word, without any spaces) or the abbreviated version of the attribute name. Value represents your definition for the corresponding attribute. If the value contains spaces, then you must enclose it in quotes. For example, O="McAfee" indicates that the organization that owns the certificate is McAfee. You can list several certificate attributes when requesting or creating X.509 certificates. Simply precede each name=value pair with --cert-attribute. The attributes used on certificates is a policy decision of the CA. Typically, the following attributes are used for X.509 certificates. Attribute Name: CN (Common Name) E (EMAIL) O (Organization) OU (Organizational Unit) L (Locality) STREET ST (State) Description: Often a description of the type of certificate (e.g., "Root"). The email address for the certificate holder. Typically the name of the company to which the certificate belongs (e.g.,"Secure Company"). The department or group within the company to which the certificate belongs (e.g.,"Accounting"). The location of the holder of the certificate (e.g., "Santa Clara"). The street address of the holder of the certificate. The state of the holder of the certificate (e.g., "CA"). 51 E-Business Server™ 8.6 Product Guide