-- PKIX certificate syntax (module OID under ericsson/otp/ssl), expressed
-- with information object classes so that attribute values, algorithm
-- parameters and extension values are typed by the identifier that
-- accompanies them.
--
-- A value that decodes against these types is only well-formed. Whether it
-- is acceptable (signature check, validity period, key usage, algorithm
-- strength) is decided by the path-validation code, not by this grammar.

SSL-PKIX {iso(1) identified-organization(3) dod(6) internet(1)
          private(4) enterprices(1) ericsson(193) otp(19) ssl(10)
          pkix1(1)}

DEFINITIONS EXPLICIT TAGS ::=

BEGIN

-- EXPORTS ALL

IMPORTS
    -- Certificate (parts of)
    Version,
    CertificateSerialNumber,
    --AlgorithmIdentifier,
    Validity,
    UniqueIdentifier,

    -- AttributeTypeAndValue
    Name,
    AttributeType,
    id-at-name,
    id-at-surname,
    id-at-givenName,
    id-at-initials,
    id-at-generationQualifier,      X520name,
    id-at-commonName,               X520CommonName,
    id-at-localityName,             X520LocalityName,
    id-at-stateOrProvinceName,      X520StateOrProvinceName,
    id-at-organizationName,         X520OrganizationName,
    id-at-organizationalUnitName,   X520OrganizationalUnitName,
    id-at-title,                    X520Title,
    id-at-dnQualifier,              X520dnQualifier,
    id-at-countryName,              X520countryName,
    id-at-serialNumber,             X520SerialNumber,
    id-at-pseudonym,                X520Pseudonym,
    id-domainComponent,             DomainComponent,
    id-emailAddress,                EmailAddress,

    -- Extension Attributes
    common-name,                            CommonName,
    teletex-common-name,                    TeletexCommonName,
    teletex-personal-name,                  TeletexPersonalName,
    pds-name,                               PDSName,
    physical-delivery-country-name,         PhysicalDeliveryCountryName,
    postal-code,                            PostalCode,
    physical-delivery-office-name,          PhysicalDeliveryOfficeName,
    physical-delivery-office-number,        PhysicalDeliveryOfficeNumber,
    extension-OR-address-components,        ExtensionORAddressComponents,
    physical-delivery-personal-name,        PhysicalDeliveryPersonalName,
    physical-delivery-organization-name,    PhysicalDeliveryOrganizationName,
    extension-physical-delivery-address-components,
        ExtensionPhysicalDeliveryAddressComponents,
    unformatted-postal-address,             UnformattedPostalAddress,
    street-address,                         StreetAddress,
    post-office-box-address,                PostOfficeBoxAddress,
    poste-restante-address,                 PosteRestanteAddress,
    unique-postal-name,                     UniquePostalName,
    local-postal-attributes,                LocalPostalAttributes,
    extended-network-address,               ExtendedNetworkAddress,
    terminal-type,                          TerminalType,
    teletex-domain-defined-attributes,      TeletexDomainDefinedAttributes

    FROM PKIX1Explicit88 { iso(1) identified-organization(3) dod(6)
        internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
        id-pkix1-explicit(18) }

    -- Extensions
    id-ce-authorityKeyIdentifier,       AuthorityKeyIdentifier,
    id-ce-subjectKeyIdentifier,         SubjectKeyIdentifier,
    id-ce-keyUsage,                     KeyUsage,
    id-ce-privateKeyUsagePeriod,        PrivateKeyUsagePeriod,
    id-ce-certificatePolicies,          CertificatePolicies,
    id-ce-policyMappings,               PolicyMappings,
    id-ce-subjectAltName,               SubjectAltName,
    id-ce-issuerAltName,                IssuerAltName,
    id-ce-subjectDirectoryAttributes,   SubjectDirectoryAttributes,
    id-ce-basicConstraints,             BasicConstraints,
    id-ce-nameConstraints,              NameConstraints,
    id-ce-policyConstraints,            PolicyConstraints,
    id-ce-cRLDistributionPoints,        CRLDistributionPoints,
    id-ce-extKeyUsage,                  ExtKeyUsageSyntax,
    id-ce-inhibitAnyPolicy,             InhibitAnyPolicy,
    id-ce-freshestCRL,                  FreshestCRL,
    id-pe-authorityInfoAccess,          AuthorityInfoAccessSyntax,
    id-pe-subjectInfoAccess,            SubjectInfoAccessSyntax,
    id-ce-cRLNumber,                    CRLNumber,
    id-ce-issuingDistributionPoint,     IssuingDistributionPoint,
    id-ce-deltaCRLIndicator,            BaseCRLNumber,
    id-ce-cRLReasons,                   CRLReason,
    id-ce-certificateIssuer,            CertificateIssuer,
    id-ce-holdInstructionCode,          HoldInstructionCode,
    id-ce-invalidityDate,               InvalidityDate

    FROM PKIX1Implicit88 { iso(1) identified-organization(3) dod(6)
        internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
        id-pkix1-implicit(19) }

    -- Keys and Signatures
    id-dsa, Dss-Parms, DSAPublicKey,
    id-dsa-with-sha1,
    md2WithRSAEncryption,
    md5WithRSAEncryption,
    sha1WithRSAEncryption,
    rsaEncryption, RSAPublicKey,
    dhpublicnumber, DomainParameters, DHPublicKey,
    id-keyExchangeAlgorithm, KEA-Parms-Id, --KEA-PublicKey,
    ecdsa-with-SHA1,
    prime-field, Prime-p,
    characteristic-two-field, --Characteristic-two,
    gnBasis,
    tpBasis, Trinomial,
    ppBasis, Pentanomial,
    id-ecPublicKey, EcpkParameters, ECPoint

    FROM PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6)
        internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
        id-mod-pkix1-algorithms(17) };

--
-- Certificate
--
-- signatureAlgorithm sits outside the signed tbsCertificate. RFC 3280/5280
-- require it to be identical to tbsCertificate.signature; the grammar cannot
-- express that, so the verifier has to compare the two fields itself.

Certificate ::= SEQUENCE {
    tbsCertificate      TBSCertificate,
    signatureAlgorithm  SignatureAlgorithm,
    signature           BIT STRING }

-- The version rules noted on the optional fields below are comments only.
-- Nothing in this type rejects, for example, a v1 certificate that carries
-- extensions; that check belongs to the consumer.

TBSCertificate ::= SEQUENCE {
    version                 [0] Version DEFAULT v1,
    serialNumber            CertificateSerialNumber,
    signature               SignatureAlgorithm,
    issuer                  Name,
    validity                Validity,
    subject                 Name,
    subjectPublicKeyInfo    SubjectPublicKeyInfo,
    issuerUniqueID          [1] IMPLICIT UniqueIdentifier OPTIONAL,
        -- If present, version MUST be v2 or v3
    subjectUniqueID         [2] IMPLICIT UniqueIdentifier OPTIONAL,
        -- If present, version MUST be v2 or v3
    extensions              [3] Extensions OPTIONAL
        -- If present, version MUST be v3
    }

--
-- Attribute type and values
--
-- Each object below pairs an attribute OID with the type of its value, and
-- AttributeTypeAndValue is constrained to that set.

ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= CLASS {
    &id     AttributeType UNIQUE,
    &Type }
    WITH SYNTAX {
        ID      &id
        TYPE    &Type }

AttributeTypeAndValue ::= SEQUENCE {
    type    ATTRIBUTE-TYPE-AND-VALUE-CLASS.&id
                ({SupportedAttributeTypeAndValues}),
    value   ATTRIBUTE-TYPE-AND-VALUE-CLASS.&Type
                ({SupportedAttributeTypeAndValues}{@type}) }

SupportedAttributeTypeAndValues ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    name | surname | givenName | initials | generationQualifier |
    commonName | localityName | stateOrProvinceName | organizationName |
    organizationalUnitName | title | dnQualifier | countryName |
    serialNumber | pseudonym | domainComponent | emailAddress }

name ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    ID      id-at-name
    TYPE    X520name }

surname ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    ID      id-at-surname
    TYPE    X520name }

givenName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    ID      id-at-givenName
    TYPE    X520name }

initials ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    ID      id-at-initials
    TYPE    X520name }

generationQualifier ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    ID      id-at-generationQualifier
    TYPE    X520name }

commonName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    ID      id-at-commonName
    TYPE    X520CommonName }

localityName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    ID      id-at-localityName
    TYPE    X520LocalityName }

stateOrProvinceName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    ID      id-at-stateOrProvinceName
    TYPE    X520StateOrProvinceName }

organizationName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    ID      id-at-organizationName
    TYPE    X520OrganizationName }

organizationalUnitName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    ID      id-at-organizationalUnitName
    TYPE    X520OrganizationalUnitName }

title ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    ID      id-at-title
    TYPE    X520Title }

dnQualifier ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    ID      id-at-dnQualifier
    TYPE    X520dnQualifier }

countryName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    ID      id-at-countryName
    TYPE    X520countryName }

serialNumber ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    ID      id-at-serialNumber
    TYPE    X520SerialNumber }

pseudonym ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    ID      id-at-pseudonym
    TYPE    X520Pseudonym }

domainComponent ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    ID      id-domainComponent
    TYPE    DomainComponent }

emailAddress ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
    ID      id-emailAddress
    TYPE    EmailAddress }

--
-- Signature and Public Key Algorithms
--

SubjectPublicKeyInfo ::= SEQUENCE {
    algorithm SEQUENCE {
        algo        PUBLIC-KEY-ALGORITHM-CLASS.&id
                        ({SupportedPublicKeyAlgorithms}),
        parameters  PUBLIC-KEY-ALGORITHM-CLASS.&Type
                        ({SupportedPublicKeyAlgorithms}{@.algo})
                        OPTIONAL
    },
    subjectPublicKey PUBLIC-KEY-ALGORITHM-CLASS.&PublicKeyType
                        ({SupportedPublicKeyAlgorithms}{@algorithm.algo}) }

-- The following is needed for conversion of SubjectPublicKeyInfo.
-- subjectPublicKey is untyped here (ANY), so its content has not been
-- checked against any key type at this stage.

SubjectPublicKeyInfo-Any ::= SEQUENCE {
    algorithm           PublicKeyAlgorithm,
    subjectPublicKey    ANY }


SIGNATURE-ALGORITHM-CLASS ::= CLASS {
    &id     OBJECT IDENTIFIER UNIQUE,
    &Type   OPTIONAL }
    WITH SYNTAX {
        ID      &id
        [TYPE   &Type] }

PUBLIC-KEY-ALGORITHM-CLASS ::= CLASS {
    &id             OBJECT IDENTIFIER UNIQUE,
    &Type           OPTIONAL,
    &PublicKeyType  OPTIONAL }
    WITH SYNTAX {
        ID                  &id
        [TYPE               &Type]
        [PUBLIC-KEY-TYPE    &PublicKeyType] }

SignatureAlgorithm ::= SEQUENCE {
    algorithm   SIGNATURE-ALGORITHM-CLASS.&id
                    ({SupportedSignatureAlgorithms}),
    parameters  SIGNATURE-ALGORITHM-CLASS.&Type
                    ({SupportedSignatureAlgorithms}{@algorithm})
                    OPTIONAL }

-- Untyped counterpart of SignatureAlgorithm: any OID, parameters left as ANY.

SignatureAlgorithm-Any ::= SEQUENCE {
    algorithm   OBJECT IDENTIFIER,
    parameters  ANY OPTIONAL }

PublicKeyAlgorithm ::= SEQUENCE {
    algorithm   PUBLIC-KEY-ALGORITHM-CLASS.&id
                    ({SupportedPublicKeyAlgorithms}),
    parameters  PUBLIC-KEY-ALGORITHM-CLASS.&Type
                    ({SupportedPublicKeyAlgorithms}{@algorithm})
                    OPTIONAL }

-- Signature algorithms the typed SignatureAlgorithm recognises. Every entry
-- is built on MD2, MD5 or SHA-1: MD2 is long deprecated, and MD5 and SHA-1
-- have practical collision attacks. Membership in this set means the
-- identifier can be parsed, not that a signature made with it should be
-- trusted; the validator should apply its own algorithm policy.
-- Identifiers outside the set do not match SignatureAlgorithm; presumably
-- SignatureAlgorithm-Any is the fallback for those (confirm in the decoder).

SupportedSignatureAlgorithms SIGNATURE-ALGORITHM-CLASS ::= {
    dsa-with-sha1 | md2-with-rsa-encryption |
    md5-with-rsa-encryption | sha1-with-rsa-encryption |
    ecdsa-with-sha1 }

SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= {
    dsa | rsa-encryption | dh | kea | ec-public-key }

--
-- DSA Keys and Signatures
--

-- SubjectPublicKeyInfo:

dsa PUBLIC-KEY-ALGORITHM-CLASS ::= {
    ID              id-dsa
    TYPE            Dss-Parms -- XXX Must be OPTIONAL
    PUBLIC-KEY-TYPE DSAPublicKey }

-- Certificate.signatureAlgorithm
--
-- RFC 3279 requires the parameters to be omitted for this identifier. With
-- TYPE NULL and an OPTIONAL parameters field, an explicit NULL is accepted
-- as well, which is laxer than the RFC.

dsa-with-sha1 SIGNATURE-ALGORITHM-CLASS ::= {
    ID      id-dsa-with-sha1
    TYPE    NULL } -- XXX Must be empty and not NULL

--
-- RSA Keys and Signatures
--

-- Certificate.signatureAlgorithm

md2-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
    ID      md2WithRSAEncryption
    TYPE    NULL }

md5-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
    ID      md5WithRSAEncryption
    TYPE    NULL }

sha1-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
    ID      sha1WithRSAEncryption
    TYPE    NULL }

-- Certificate.signature
-- See PKCS #1 (RFC 2313). XXX

-- SubjectPublicKeyInfo:

rsa-encryption PUBLIC-KEY-ALGORITHM-CLASS ::= {
    ID              rsaEncryption
    TYPE            NULL
    PUBLIC-KEY-TYPE RSAPublicKey }

--
-- Diffie-Hellman Keys
--

-- SubjectPublicKeyInfo:

dh PUBLIC-KEY-ALGORITHM-CLASS ::= {
    ID              dhpublicnumber
    TYPE            DomainParameters
    PUBLIC-KEY-TYPE DHPublicKey }

-- There are no Diffie-Hellman signature algorithms

--
-- KEA Keys
--

-- SubjectPublicKeyInfo:

KEA-PublicKey ::= INTEGER

kea PUBLIC-KEY-ALGORITHM-CLASS ::= {
    ID              id-keyExchangeAlgorithm
    TYPE            KEA-Parms-Id
    PUBLIC-KEY-TYPE KEA-PublicKey }

-- There are no KEA signature algorithms

--
-- Elliptic Curve Keys, Signatures, and Curves
--

-- Certificate.signatureAlgorithm
--
-- As with dsa-with-sha1, the XXX note records that the parameters should be
-- absent; this object also lets an explicit NULL through.

ecdsa-with-sha1 SIGNATURE-ALGORITHM-CLASS ::= {
    ID      ecdsa-with-SHA1
    TYPE    NULL } -- XXX Must be empty and not NULL

FIELD-ID-CLASS ::= CLASS {
    &id     OBJECT IDENTIFIER UNIQUE,
    &Type }
    WITH SYNTAX {
        ID      &id
        TYPE    &Type }

FieldID ::= SEQUENCE { -- Finite field
    fieldType   FIELD-ID-CLASS.&id({SupportedFieldIds}),
    parameters  FIELD-ID-CLASS.&Type({SupportedFieldIds}{@fieldType}) }

SupportedFieldIds FIELD-ID-CLASS ::= {
    field-prime-field | field-characteristic-two }

field-prime-field FIELD-ID-CLASS ::= {
    ID      prime-field
    TYPE    Prime-p }

CHARACTERISTIC-TWO-CLASS ::= CLASS {
    &id     OBJECT IDENTIFIER UNIQUE,
    &Type }
    WITH SYNTAX {
        ID      &id
        TYPE    &Type }

-- Binary-field description. m carries no range constraint in this grammar,
-- so code that sizes field arithmetic from it should bound it first.

Characteristic-two ::= SEQUENCE { -- Finite field
    m           INTEGER, -- Field size 2^m
    basis       CHARACTERISTIC-TWO-CLASS.&id({SupportedCharacteristicTwos}),
    parameters  CHARACTERISTIC-TWO-CLASS.&Type
                    ({SupportedCharacteristicTwos}{@basis}) }

SupportedCharacteristicTwos CHARACTERISTIC-TWO-CLASS ::= {
    gn-basis | tp-basis | pp-basis }

field-characteristic-two FIELD-ID-CLASS ::= {
    ID      characteristic-two-field
    TYPE    Characteristic-two }

gn-basis CHARACTERISTIC-TWO-CLASS ::= {
    ID      gnBasis
    TYPE    NULL }

tp-basis CHARACTERISTIC-TWO-CLASS ::= {
    ID      tpBasis
    TYPE    Trinomial }

pp-basis CHARACTERISTIC-TWO-CLASS ::= {
    ID      ppBasis
    TYPE    Pentanomial }

-- SubjectPublicKeyInfo.algorithm
--
-- EcpkParameters is imported from PKIX1Algorithms88. In RFC 3279 it is a
-- CHOICE that allows explicitly specified curve parameters as well as named
-- curves, so consumers should decide which forms they are willing to accept.

ec-public-key PUBLIC-KEY-ALGORITHM-CLASS ::= {
    ID              id-ecPublicKey
    TYPE            EcpkParameters
    PUBLIC-KEY-TYPE ECPoint }

--
-- Extension Attributes
--
-- Unlike the other classes in this module, the identifier here is an
-- INTEGER rather than an OBJECT IDENTIFIER.

EXTENSION-ATTRIBUTE-CLASS ::= CLASS {
    &id     INTEGER UNIQUE,
    &Type }
    WITH SYNTAX {
        ID      &id
        TYPE    &Type }

ExtensionAttributes ::= SET SIZE (1..MAX) OF ExtensionAttribute

-- XXX The fields of ExtensionAttribute should be named
-- extension-attribute-type and extension-attribute-value,
-- but Erlang ASN1 does not like it.
-- One X.400 extension attribute: an integer identifier under tag [0] and,
-- under tag [1], a value whose type is selected by that identifier from
-- SupportedExtensionAttributes.

ExtensionAttribute ::= SEQUENCE {
    extensionAttributeType  [0] IMPLICIT EXTENSION-ATTRIBUTE-CLASS.&id
                                ({SupportedExtensionAttributes}),
    extensionAttributeValue [1] EXTENSION-ATTRIBUTE-CLASS.&Type
                                ({SupportedExtensionAttributes}{@extensionAttributeType}) }

SupportedExtensionAttributes EXTENSION-ATTRIBUTE-CLASS ::= {
    x400-common-name |
    x400-teletex-common-name |
    x400-teletex-personal-name |
    x400-pds-name |
    x400-physical-delivery-country-name |
    x400-postal-code |
    x400-physical-delivery-office-name |
    x400-physical-delivery-office-number |
    x400-extension-OR-address-components |
    x400-physical-delivery-personal-name |
    x400-physical-delivery-organization-name |
    x400-extension-physical-delivery-address-components |
    x400-unformatted-postal-address |
    x400-street-address |
    x400-post-office-box-address |
    x400-poste-restante-address |
    x400-unique-postal-name |
    x400-local-postal-attributes |
    x400-extended-network-address |
    x400-terminal-type |
    x400-teletex-domain-defined-attributes }

-- Extension types and attribute values

x400-common-name EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      common-name
    TYPE    CommonName }

x400-teletex-common-name EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      teletex-common-name
    TYPE    TeletexCommonName }

x400-teletex-personal-name EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      teletex-personal-name
    TYPE    TeletexPersonalName }

x400-pds-name EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      pds-name
    TYPE    PDSName }

x400-physical-delivery-country-name EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      physical-delivery-country-name
    TYPE    PhysicalDeliveryCountryName }

x400-postal-code EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      postal-code
    TYPE    PostalCode }

x400-physical-delivery-office-name EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      physical-delivery-office-name
    TYPE    PhysicalDeliveryOfficeName }

-- Remaining X.400 extension attribute objects (identifier / value type).

x400-physical-delivery-office-number EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      physical-delivery-office-number
    TYPE    PhysicalDeliveryOfficeNumber }

x400-extension-OR-address-components EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      extension-OR-address-components
    TYPE    ExtensionORAddressComponents }

x400-physical-delivery-personal-name EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      physical-delivery-personal-name
    TYPE    PhysicalDeliveryPersonalName }

x400-physical-delivery-organization-name EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      physical-delivery-organization-name
    TYPE    PhysicalDeliveryOrganizationName }

x400-extension-physical-delivery-address-components
    EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      extension-physical-delivery-address-components
    TYPE    ExtensionPhysicalDeliveryAddressComponents }

x400-unformatted-postal-address EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      unformatted-postal-address
    TYPE    UnformattedPostalAddress }

x400-street-address EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      street-address
    TYPE    StreetAddress }

x400-post-office-box-address EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      post-office-box-address
    TYPE    PostOfficeBoxAddress }

x400-poste-restante-address EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      poste-restante-address
    TYPE    PosteRestanteAddress }

x400-unique-postal-name EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      unique-postal-name
    TYPE    UniquePostalName }

x400-local-postal-attributes EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      local-postal-attributes
    TYPE    LocalPostalAttributes }

x400-extended-network-address EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      extended-network-address
    TYPE    ExtendedNetworkAddress }

x400-terminal-type EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      terminal-type
    TYPE    TerminalType }

x400-teletex-domain-defined-attributes EXTENSION-ATTRIBUTE-CLASS ::= {
    ID      teletex-domain-defined-attributes
    TYPE    TeletexDomainDefinedAttributes }

--
-- Extensions
--
-- Extension is constrained to SupportedExtensions, so only the identifiers
-- in that set get a typed extnValue. The critical flag is carried through
-- as data; acting on it is the caller's job. RFC 5280 section 4.2 requires
-- a certificate to be rejected when it holds a critical extension that the
-- application does not recognise or cannot process.

Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension

EXTENSION-CLASS ::= CLASS {
    &id     OBJECT IDENTIFIER UNIQUE,
    &Type   OPTIONAL }
    WITH SYNTAX {
        ID      &id
        [TYPE   &Type] }

Extension ::= SEQUENCE {
    extnID      EXTENSION-CLASS.&id({SupportedExtensions}),
    critical    BOOLEAN DEFAULT FALSE,
    extnValue   EXTENSION-CLASS.&Type({SupportedExtensions}{@extnID}) }

-- The following is needed for conversion between Extension and Extension-Cd

ObjId   ::= OBJECT IDENTIFIER
Boolean ::= BOOLEAN
Any     ::= ANY

-- Untyped form of Extension: any OID, value left as ANY. A value held in
-- this form has not been checked against an extension syntax.
-- NOTE(review): RFC 5280 declares extnValue as an OCTET STRING wrapping the
-- encoded extension; presumably the conversion code deals with that wrapper.
-- Confirm against the caller.

Extension-Any ::= SEQUENCE {
    extnID      OBJECT IDENTIFIER,
    critical    BOOLEAN DEFAULT FALSE,
    extnValue   ANY }

-- The set mixes certificate extensions with CRL and CRL entry extensions
-- (cRLNumber, issuingDistributionPoint, deltaCRLIndicator, cRLReasons,
-- certificateIssuer, holdInstructionCode, invalidityDate). The grammar does
-- not restrict which of them may appear inside a certificate.

SupportedExtensions EXTENSION-CLASS ::= {
    authorityKeyIdentifier |
    subjectKeyIdentifier | keyUsage | privateKeyUsagePeriod |
    certificatePolicies | policyMappings | subjectAltName |
    issuerAltName | subjectDirectoryAttributes | basicConstraints |
    nameConstraints | policyConstraints | cRLDistributionPoints |
    extKeyUsage | inhibitAnyPolicy | freshestCRL | authorityInfoAccess |
    subjectInfoAccess | cRLNumber | issuingDistributionPoint |
    deltaCRLIndicator | cRLReasons | certificateIssuer |
    holdInstructionCode | invalidityDate }

authorityKeyIdentifier EXTENSION-CLASS ::= {
    ID      id-ce-authorityKeyIdentifier
    TYPE    AuthorityKeyIdentifier }

subjectKeyIdentifier EXTENSION-CLASS ::= {
    ID      id-ce-subjectKeyIdentifier
    TYPE    SubjectKeyIdentifier }

keyUsage EXTENSION-CLASS ::= {
    ID      id-ce-keyUsage
    TYPE    KeyUsage }

privateKeyUsagePeriod EXTENSION-CLASS ::= {
    ID      id-ce-privateKeyUsagePeriod
    TYPE    PrivateKeyUsagePeriod }

certificatePolicies EXTENSION-CLASS ::= {
    ID      id-ce-certificatePolicies
    TYPE    CertificatePolicies }

policyMappings EXTENSION-CLASS ::= {
    ID      id-ce-policyMappings
    TYPE    PolicyMappings }

subjectAltName EXTENSION-CLASS ::= {
    ID      id-ce-subjectAltName
    TYPE    SubjectAltName }

-- Extension objects: each pairs an extension OID with the type of its value.
-- Decoding yields the value only. Enforcing what it means (for example the
-- basicConstraints, nameConstraints and policyConstraints limits) is left to
-- path validation.

issuerAltName EXTENSION-CLASS ::= {
    ID      id-ce-issuerAltName
    TYPE    IssuerAltName }

subjectDirectoryAttributes EXTENSION-CLASS ::= {
    ID      id-ce-subjectDirectoryAttributes
    TYPE    SubjectDirectoryAttributes }

basicConstraints EXTENSION-CLASS ::= {
    ID      id-ce-basicConstraints
    TYPE    BasicConstraints }

nameConstraints EXTENSION-CLASS ::= {
    ID      id-ce-nameConstraints
    TYPE    NameConstraints }

policyConstraints EXTENSION-CLASS ::= {
    ID      id-ce-policyConstraints
    TYPE    PolicyConstraints }

cRLDistributionPoints EXTENSION-CLASS ::= {
    ID      id-ce-cRLDistributionPoints
    TYPE    CRLDistributionPoints }

extKeyUsage EXTENSION-CLASS ::= {
    ID      id-ce-extKeyUsage
    TYPE    ExtKeyUsageSyntax }

inhibitAnyPolicy EXTENSION-CLASS ::= {
    ID      id-ce-inhibitAnyPolicy
    TYPE    InhibitAnyPolicy }

freshestCRL EXTENSION-CLASS ::= {
    ID      id-ce-freshestCRL
    TYPE    FreshestCRL }

authorityInfoAccess EXTENSION-CLASS ::= {
    ID      id-pe-authorityInfoAccess
    TYPE    AuthorityInfoAccessSyntax }

subjectInfoAccess EXTENSION-CLASS ::= {
    ID      id-pe-subjectInfoAccess
    TYPE    SubjectInfoAccessSyntax }

-- CRL and CRL entry extensions

cRLNumber EXTENSION-CLASS ::= {
    ID      id-ce-cRLNumber
    TYPE    CRLNumber }

issuingDistributionPoint EXTENSION-CLASS ::= {
    ID      id-ce-issuingDistributionPoint
    TYPE    IssuingDistributionPoint }

deltaCRLIndicator EXTENSION-CLASS ::= {
    ID      id-ce-deltaCRLIndicator
    TYPE    BaseCRLNumber }

cRLReasons EXTENSION-CLASS ::= {
    ID      id-ce-cRLReasons
    TYPE    CRLReason }

certificateIssuer EXTENSION-CLASS ::= {
    ID      id-ce-certificateIssuer
    TYPE    CertificateIssuer }

holdInstructionCode EXTENSION-CLASS ::= {
    ID      id-ce-holdInstructionCode
    TYPE    HoldInstructionCode }

invalidityDate EXTENSION-CLASS ::= {
    ID      id-ce-invalidityDate
    TYPE    InvalidityDate }

END