Netscape Certificate Extensions

Communicator 4.0 Version

Send comments to: cert-ext@netscape.com

Netscape Defined Certificate Extensions

This is the list of certificate extensions implemented in Communicator 1.0:
netscape-cert-type:
This extension can be used to limit the applications in which a certificate may be used. If the extension exists in a certificate, the certificate may only be used for the applications it specifies. If the extension is not present, the certificate can be used for all applications except Object Signing.
The value is a bit-string, where the individual bit positions are defined as:
bit-0 SSL client - this cert is certified for SSL client authentication use
bit-1 SSL server - this cert is certified for SSL server authentication use
bit-2 S/MIME - this cert is certified for use by clients (New in PR3)
bit-3 Object Signing - this cert is certified for signing objects such as Java applets and plugins (New in PR3)
bit-4 Reserved - this bit is reserved for future use
bit-5 SSL CA - this cert is certified for issuing certs for SSL use
bit-6 S/MIME CA - this cert is certified for issuing certs for S/MIME use (New in PR3)
bit-7 Object Signing CA - this cert is certified for issuing certs for Object Signing (New in PR3)
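The following is an added example, not code from the original Netscape document: it decodes the DER BIT STRING that carries a netscape-cert-type value and derives the set of applications the certificate is certified for, using the bit numbering defined above (bit 0 is the most significant bit of the first content byte of the BIT STRING). The sample extension values are constructed for illustration.

```python
# Added example (not part of the original Netscape document): decode a DER
# BIT STRING carrying the netscape-cert-type value and derive the set of
# applications the certificate is certified for, using the bit numbering
# defined above. The sample values below are constructed for illustration.

# Bit positions of netscape-cert-type. In an ASN.1 BIT STRING, bit 0 is the
# most significant bit of the first content byte.
NETSCAPE_CERT_TYPE_BITS = {
    0: "SSL client",
    1: "SSL server",
    2: "S/MIME",
    3: "Object Signing",
    4: "Reserved",
    5: "SSL CA",
    6: "S/MIME CA",
    7: "Object Signing CA",
}

# End-entity applications permitted when the extension is absent:
# everything except Object Signing.
DEFAULT_APPLICATIONS = frozenset({"SSL client", "SSL server", "S/MIME"})


def decode_der_bit_string(der: bytes) -> set:
    """Return the set of bit positions that are set in a DER BIT STRING.

    Layout: tag 0x03, a short-form length, one byte giving the number of
    unused trailing bits, then the bit data. Only short-form lengths are
    handled, which is sufficient for an 8-bit value like netscape-cert-type.
    """
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length >= 0x80 or len(der) != 2 + length:
        raise ValueError("unsupported or inconsistent length")
    unused = der[2]
    data = der[3:]
    if unused > 7 or (unused and not data):
        raise ValueError("invalid unused-bits count")
    total_bits = len(data) * 8 - unused
    return {i for i in range(total_bits) if data[i // 8] & (0x80 >> (i % 8))}


def netscape_cert_type_applications(der_value) -> frozenset:
    """Applications a certificate is certified for.

    der_value is the DER-encoded extension value, or None when the extension
    is absent from the certificate. The reserved bit (4) is ignored.
    """
    if der_value is None:
        return DEFAULT_APPLICATIONS
    set_bits = decode_der_bit_string(der_value)
    return frozenset(NETSCAPE_CERT_TYPE_BITS[b] for b in set_bits
                     if b in NETSCAPE_CERT_TYPE_BITS and b != 4)


if __name__ == "__main__":
    # Constructed sample: bits 0, 1 and 2 set (SSL client, SSL server, S/MIME).
    client_cert_value = bytes.fromhex("030205e0")
    print(sorted(netscape_cert_type_applications(client_cert_value)))
    # Constructed sample: bits 5, 6 and 7 set (all three CA types).
    ca_cert_value = bytes.fromhex("03020007")
    print(sorted(netscape_cert_type_applications(ca_cert_value)))
    # Absent extension: all applications except Object Signing.
    print(sorted(netscape_cert_type_applications(None)))
```

The unused-bits byte matters: the value 0xE0 with 5 unused bits encodes only three bits, so a decoder that ignores that byte would still report bits 0 to 2 here but would misreport a sloppy encoding of longer values; the check on the length byte also rejects values whose declared length does not match the data actually present.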
netscape-base-url:
The value is an IA5String. When present this string is added to the beginning of all relative URLs in the certificate. This extension can be considered an optimization to reduce the size of the URL extensions.
netscape-revocation-url:
The value is an IA5String. It is a relative or absolute URL that can be used to check the revocation status of a certificate. The revocation check is performed as an HTTP GET using a URL that is the concatenation of the revocation URL and the certificate serial number, where the serial number is encoded as a string of ASCII hexadecimal digits. For example, if the netscape-base-url is https://www.certs-r-us.com/, the netscape-revocation-url is cgi-bin/check-rev.cgi?, and the certificate serial number is 173420, the resulting URL would be:
https://www.certs-r-us.com/cgi-bin/check-rev.cgi?02a56c
The server should return a document with a Content-Type of application/x-netscape-revocation. The document should contain a single ASCII digit: '1' if the certificate is not currently valid, and '0' if it is currently valid.
netscape-ca-revocation-url:
The value is an IA5String. It is a relative or absolute URL that can be used to check the revocation status of any certificates that are signed by the CA that this certificate belongs to. This extension is only valid in CA certificates. The use of this extension is the same as the netscape-revocation-url extension.
netscape-cert-renewal-url:
The value is an IA5String. It is a relative or absolute URL that points to a certificate renewal form. The renewal form is accessed with an HTTP GET using a URL that is the concatenation of the renewal URL and the certificate serial number, where the serial number is encoded as a string of ASCII hexadecimal digits. For example, if the netscape-base-url is https://www.certs-r-us.com/, the netscape-cert-renewal-url is cgi-bin/check-renew.cgi?, and the certificate serial number is 173420, the resulting URL would be:
https://www.certs-r-us.com/cgi-bin/check-renew.cgi?02a56c
The document returned should be an HTML form that will allow the user to request a renewal of their certificate.
netscape-ca-policy-url:
The value is an IA5String. It is a relative or absolute URL that points to a web page that describes the policies under which the certificate was issued.
netscape-ssl-server-name:
The value is an IA5String. It is a "shell expression" that can be used to match the hostname of the SSL server that is using this certificate. It is recommended that if the server's hostname does not match this pattern the user be notified and given the option to terminate the SSL connection. If this extension is not present then the CommonName in the certificate subject's distinguished name is used for the same purpose.
netscape-comment:
The value is an IA5String. It is a comment that may be displayed to the user when the certificate is viewed.
Note: for all of the above URLs that include the certificate serial number, the serial number will be encoded as a string which consists of an even number of hexadecimal digits. If the number of significant digits is odd, the string will have a single leading zero to ensure an even number of digits is generated.
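The following is an added example, not code from the original document: it builds the check URLs described for netscape-revocation-url, netscape-ca-revocation-url and netscape-cert-renewal-url from the base URL, the extension value and the serial number (applying the even-digit rule in the note above), and interprets the revocation response. Treating a URL value as absolute when it begins with a scheme is an assumption of this example; the document only says the base URL is prepended to relative URLs.

```python
# Added example (not part of the original document): build the revocation and
# renewal check URLs described above and interpret the revocation response.
# Treating a URL as absolute when it starts with http:// or https:// is an
# assumption of this example.

def encode_serial_hex(serial: int) -> str:
    """Serial number as lowercase ASCII hex with an even number of digits."""
    if serial < 0:
        raise ValueError("certificate serial numbers are non-negative")
    digits = format(serial, "x")
    if len(digits) % 2:
        digits = "0" + digits  # single leading zero for an odd digit count
    return digits


def build_netscape_url(base_url, url_value: str, serial: int) -> str:
    """Concatenate the base URL (if any), the extension's URL and the serial."""
    if base_url is None or url_value.lower().startswith(("http://", "https://")):
        target = url_value  # absolute URL, or no netscape-base-url present
    else:
        target = base_url + url_value
    return target + encode_serial_hex(serial)


def parse_revocation_response(content_type: str, body: bytes) -> bool:
    """Return True if the response says the certificate is not currently valid.

    The server answers with Content-Type application/x-netscape-revocation
    and a body holding a single ASCII digit: '1' revoked, '0' valid.
    Anything else is reported as an error rather than taken as either answer.
    """
    media_type = content_type.split(";")[0].strip().lower()
    if media_type != "application/x-netscape-revocation":
        raise ValueError("unexpected Content-Type: %r" % content_type)
    digit = body.strip()
    if digit == b"1":
        return True
    if digit == b"0":
        return False
    raise ValueError("malformed revocation response body: %r" % body)


if __name__ == "__main__":
    base = "https://www.certs-r-us.com/"
    print(build_netscape_url(base, "cgi-bin/check-rev.cgi?", 173420))
    print(build_netscape_url(base, "cgi-bin/check-renew.cgi?", 173420))
    # Constructed response: the CA reports the certificate as revoked.
    print(parse_revocation_response("application/x-netscape-revocation", b"1"))
```

A response with the wrong Content-Type or a body other than a single digit is deliberately an error rather than "valid": failing open on an unexpected answer would turn any misconfigured or intercepted responder into an implicit "not revoked".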

Standard Extensions

Netscape Communicator supports the following standard certificate extensions as defined by X509 Version 3 and PKIX.
keyUsage:
If this extension exists and is critical, then it will be used to enforce the usage of the cert/key. The following table describes the keyUsage values required for various operations:
Application            Required keyUsage Values
SSL Client             digitalSignature
SSL Server             keyEncipherment
S/MIME Signing         digitalSignature
S/MIME Encryption      keyEncipherment
Certificate Signing    keyCertSign
Object Signing         digitalSignature
Note that if the keyUsage extension is not present, or is present but not critical, then the cert/key can be used for any type of operation.
If the keyUsage extension is present (critical or not), it will be used to select from multiple certs for a given operation. For example, it will be used to distinguish separate signing and encryption certs for users who have separate certs/keys for these operations.
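The following is an added example, not code from the original document: it applies the two keyUsage rules above, enforcement only when the extension is critical, and selection among several certs whenever the extension is present. The Cert class is a minimal hypothetical representation, not Communicator's own data structure, and the sample certs are constructed.

```python
# Added example (not part of the original document): apply the keyUsage rules
# above. Cert is a hypothetical minimal representation, not Communicator's
# own data structure; the sample certs are constructed.

REQUIRED_KEY_USAGE = {
    "SSL Client": "digitalSignature",
    "SSL Server": "keyEncipherment",
    "S/MIME Signing": "digitalSignature",
    "S/MIME Encryption": "keyEncipherment",
    "Certificate Signing": "keyCertSign",
    "Object Signing": "digitalSignature",
}


class Cert:
    def __init__(self, name, key_usage=None, critical=False):
        self.name = name
        # None means the keyUsage extension is absent.
        self.key_usage = None if key_usage is None else frozenset(key_usage)
        self.critical = critical


def key_usage_permits(cert, operation) -> bool:
    """Enforcement: only a critical keyUsage restricts what the key may do."""
    if cert.key_usage is None or not cert.critical:
        return True
    return REQUIRED_KEY_USAGE[operation] in cert.key_usage


def key_usage_names(cert, operation) -> bool:
    """Selection: a present keyUsage (critical or not) lists the required value."""
    return cert.key_usage is not None and REQUIRED_KEY_USAGE[operation] in cert.key_usage


def select_certs(certs, operation):
    """Pick the certs to offer for an operation.

    Certs forbidden by a critical keyUsage are dropped. Among the rest, certs
    whose keyUsage explicitly covers the operation are preferred; falling
    back to the remaining usable certs when none does is this example's
    choice, not a rule stated in the document.
    """
    usable = [c for c in certs if key_usage_permits(c, operation)]
    explicit = [c for c in usable if key_usage_names(c, operation)]
    return explicit or usable


if __name__ == "__main__":
    # Constructed user with separate signing and encryption certs plus an
    # older cert that carries no keyUsage extension at all.
    user_certs = [
        Cert("signing", {"digitalSignature", "nonRepudiation"}, critical=True),
        Cert("encryption", {"keyEncipherment"}, critical=True),
        Cert("legacy"),
    ]
    for op in ("S/MIME Signing", "S/MIME Encryption", "Certificate Signing"):
        print(op, [c.name for c in select_certs(user_certs, op)])
```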
basicConstraints:
The basicConstraints extension is used during the certificate chain verification process to identify CA certificates and to apply certificate chain path length constraints. The cA component should be set to true for certificate authority certificates.
If the pathLenConstraint component is present, its value must be greater than the number of CA certificates that have been processed so far (starting with the end-entity certificate and moving up the chain). If pathLenConstraint is omitted, then all of the higher level CA certificates in the chain must not include this component when the extension is present.
See the section below regarding the interaction of basicConstraints and the netscape-cert-type extension.
This extension is evaluated regardless of its criticality.
authorityKeyIdentifier:
This extension is used to identify which of several CA certs with the same subject name is the correct issuer of a particular certificate. If the keyIdentifier component exists, then it is used to select the certificate with a matching subjectKeyIdentifier extension. If the authorityCertIssuer and authorityCertSerialNumber are present, then they are used to identify the correct certificate by issuer and serialNumber. Only the directoryName form of authorityCertIssuer is supported.
If this extension does not exist, then the issuer name alone will be used to identify the issuer certificate.
This extension is evaluated regardless of its criticality.
subjectKeyIdentifier:
This extension is used to uniquely identify a certificate from among several that have the same subject name. If the extension is not present, its value is calculated by performing a SHA-1 hash of the certificate's DER encoded subjectPublicKeyInfo, as recommended by PKIX.

Recommendations

basicConstraints, netscape-cert-type, and CA certs

It is strongly recommended that all CA certificates contain the basicConstraints extension, as this is the standard way to identify a CA certificate. For those CAs that wish to limit the applications being certified for, the netscape-cert-type extension may be used. There are several cases to consider:
only basicConstraints present:
The cert is a CA cert if the cA component is true. Path length processing is done as described above.
only netscape-cert-type present:
The cert is a CA if at least one of the CA bits is set (bits 5, 6, and 7). The certificates issued by this CA will be limited to the particular applications specified. Path length processing is done as though the pathLenConstraint is unlimited.
neither extension present:
The cert is not a CA.
both extensions present:
The cert is a CA cert if the cA component of basicConstraints is true. If any of the CA bits in the netscape-cert-type extension are set (bits 5, 6, 7), then the CA will be limited to issuing certs for the specified application areas; otherwise the CA may issue certs for any application.
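The following is an added example, not code from the original document: it implements the four cases above as one decision, returning whether a cert is a CA, which applications it may issue certs for, and the path length that applies. Representing basicConstraints as a dict and netscape-cert-type as a set of bit positions is this example's own convention.

```python
# Added example (not part of the original document): determine CA status,
# the applications a CA may issue certs for, and the applicable path length
# from basicConstraints and netscape-cert-type, following the four cases
# above. The input representations (a dict for basicConstraints, a set of
# bit positions for netscape-cert-type) are this example's own convention.

CA_BITS = {5: "SSL CA", 6: "S/MIME CA", 7: "Object Signing CA"}
ANY_APPLICATION = "any"


def classify_ca(basic_constraints, cert_type_bits):
    """Return (is_ca, issuing_applications, path_len).

    basic_constraints: None when absent, else {"cA": bool,
        "pathLenConstraint": int (optional)}.
    cert_type_bits: None when absent, else the set of bit positions that
        are set in netscape-cert-type.
    path_len is None when no pathLenConstraint applies (unlimited).
    """
    ca_flags = frozenset() if cert_type_bits is None else frozenset(
        CA_BITS[b] for b in cert_type_bits if b in CA_BITS)

    if basic_constraints is None:
        if cert_type_bits is None:
            return (False, frozenset(), None)   # neither extension present
        if not ca_flags:
            return (False, frozenset(), None)   # cert-type present, no CA bits
        return (True, ca_flags, None)          # cert-type only: unlimited path

    # basicConstraints present, alone or with netscape-cert-type: the cA
    # component decides; CA bits, if any, narrow the issuing applications.
    if not basic_constraints.get("cA", False):
        return (False, frozenset(), None)
    applications = ca_flags if ca_flags else frozenset({ANY_APPLICATION})
    return (True, applications, basic_constraints.get("pathLenConstraint"))


if __name__ == "__main__":
    # Constructed inputs covering each of the four cases above.
    samples = {
        "only basicConstraints": ({"cA": True, "pathLenConstraint": 0}, None),
        "only netscape-cert-type": (None, {5, 6}),
        "neither": (None, None),
        "both": ({"cA": True}, {7}),
        "both, cA false": ({"cA": False}, {5}),
    }
    for label, (bc, nct) in samples.items():
        print(label, classify_ca(bc, nct))
```

Note the last sample: a cert whose netscape-cert-type carries CA bits but whose basicConstraints says cA is false is not a CA, since the document makes the cA component decisive whenever basicConstraints is present.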

Cert chaining and CA certs

A cert chain will generally consist of an entity cert, zero or more intermediate CA certs, and a root CA cert. Typically the root CA cert will be self signed, and will be loaded into the Communicator's certificate database as a trusted CA.

When an exchange of certs takes place (generally during an SSL handshake, sending an S/MIME message, or sending a signed object) the sender is expected to send the subject cert, and any intermediate CA certs needed to link the subject cert to the trusted root. In order for cert chaining to work properly the certs should have the following properties:

Object Signing Certificates

Object Signing Certificates must have the netscape-cert-type extension.  Object Signing CA certs must have the Object Signing CA bit set.  Object Signing certs must have the Object Signing bit set.


Netscape Object Identifiers

The base of all Netscape object ids is:
netscape OBJECT IDENTIFIER ::= { 2 16 840 1 113730 }

The DER encoding for the above is 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42.

Note that this is the Hexadecimal byte value of the DER encoded OID.

The values for certificate extension names are:

netscape-cert-extension OBJECT IDENTIFIER ::= { netscape-cert-extension-base }
netscape-cert-type OBJECT IDENTIFIER ::= { netscape-cert-extension 1 }
netscape-base-url OBJECT IDENTIFIER ::= { netscape-cert-extension 2 }
netscape-revocation-url OBJECT IDENTIFIER ::= { netscape-cert-extension 3 }
netscape-ca-revocation-url OBJECT IDENTIFIER ::= { netscape-cert-extension 4 }
netscape-cert-renewal-url OBJECT IDENTIFIER ::= { netscape-cert-extension 7 }
netscape-ca-policy-url OBJECT IDENTIFIER ::= { netscape-cert-extension 8 }
netscape-ssl-server-name OBJECT IDENTIFIER ::= { netscape-cert-extension 12 }
netscape-comment OBJECT IDENTIFIER ::= { netscape-cert-extension 13 }