System information
• Requester email The email address of the certificate requester.
• Requester phone The phone number of the certificate requester.
• Profile policy sets
The different policy sets that are set by default on caUserCert are listed in Table 3.2,
“caUserCert Profile Policy Sets”.
Profile Policy Set Defaults Constraints
userCertSet.1 (SubjectName) No defaults
userCertSet.2 (Validity) range = 180 days The range is less than 365
days. The notbefore and
notafter date checks are
turned off.
userCertSet.3 (Key) No defaults
keytype = RSA
a
keyminLength = 512
keymaxLength = 4096
b
userCertSet.4 (Authority Key
Identifier)
No defaults No constraints
userCertSet.5 (AIA extension)
authinfoaccesscritical = false
authinfoaccessADMethod_0=
OID
authinfoaccessADLocationType_0=URIName
authinfoaccessADEnable_0=true
authinfoaccessADLocation_0=
No constraints
userCertSet.6 (Key Usage) Populates a Key Usage
extension (2.5.29.15) to the
request. The default values
are as follows:
Criticality=true
Digital Signature=true
Non-Repudiation=true
Key Encipherment=true
Data Encipherment=false
Key Agreement=false
Key Certificate Sign=false
Key CRL Sign=false
Encipher Only=false
Decipher Only=false
Accepts the Key Usage
extension, if present, only
when the default values are
set.
userCertSet.7 - Extended Key
Usage
Populates an Extended Key
Usage extension to the
No constraints
Chapter 3. CA: Working with Certificate Profiles
26