Basic and standard certificate policies
The basic and standard certificate policies support the same fields: the standard policy supports additional certificate extensions.
The supported fields for both the basic and standard policies are as follows:- OuterSigAlgID 1
- Signature 2
- Version
- SerialNumber
- InnerSigAlgID 3
- Issuer
- Validity
- SubjectName
- SubjectPublicKeyInfo
- IssuerUniqueID
- SubjectUniqueID
The supported extensions for the basic policy are as follows. Where an entry is marked as "not supported", IBM MQ does not attempt to process extensions containing a field of that specific type, but does process other types of the same extension.
- AuthorityKeyID
- AuthorityInfoAccess
- SubjectKeyID
- IssuerAltName
- SubjectAltName
- KeyUsage
- BasicConstraints
- PrivateKeyUsage
- CRLDistributionPoints
- DistributionPoint
- DistributionPointName (X.500 Name and LDAP Format URI only)
- NameRelativeToCRLIssuer (not supported)
- Reasons (ignored)
- CRLIssuer fields (not supported)
- DistributionPoint
The supported extensions for the standard policy are all those listed for the basic policy and those in the following list. Where an entry is marked as "not supported", IBM MQ does not attempt to process extensions containing a field of that specific type, but does process other types of the same extension.
- NameConstraints
- ExtendedKeyUsage
- CertificatePolicies
- PolicyInformation
- PolicyIdentifier
- PolicyQualifiers (not supported)
- PolicyInformation
- PolicyMappings
- PolicyConstraints
Parent topic: Certificate validation and trust policy design on UNIX, Linux and Windows systems 1 This field is called signatureAlgorithm in RFC 5280.2 This field is called signatureValue in RFC 5280.3 This field is called signature in RFC 5280.