Chapter 4 Certificate Extension Plug-in Modules

NSCertTypeExt Plug-in Module

The NSCertTypeExt plug-in module implements the Netscape certificate type extension policy. This policy enables you to configure Certificate Management System to add the Netscape Certificate Type extension to certificates. The extension identifies the certificate type—for example, it identifies whether the certificate is a CA certificate, server SSL certificate, client SSL certificate, object signing certificate, or S/MIME certificate—and thus enables you to restrict the usage of a certificate to predetermined purposes.

• If the extension exists in a certificate, it limits the uses of the certificate to those specified (it limits the applications for a certificate).
• If the extension is not present, the certificate can be used for all applications except object signing.

The Netscape certificate type extension is a string of boolean bit-flags, each bit identifying the purpose for which a certificate is to be used. Table 4-18 lists the bits and their designated purposes. The extension has no default value.

Table 4-18 Netscape certificate type extension bits and designated purposes

| Bit | Purpose | Description |
|---|---|---|
| 0 | SSL Client | Specifies that the certificate can be used by clients for authentication during SSL connections. |
| 1 | SSL Server | Specifies that the certificate can be used by servers for authentication during SSL connections. |
| 2 | S/MIME | Specifies that the certificate can be used to send secure email messages. |
| 3 | Object Signing | Specifies that the certificate can be used for signing objects such as Java applets and plug-ins. |
| 4 | Reserved | This bit is reserved for future use. |
| 5 | SSL CA | Specifies that the certificate can be used by a CA to issue certificates for SSL connections. |
| 6 | S/MIME CA | Specifies that the certificate can be used by a CA to issue certificates for secure email. |
| 7 | Object Signing CA | Specifies that the certificate can be used by a CA to issue certificates for object signing. |
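
The following is an added example, not code from Certificate Management System: it decodes the extension value into the purposes of Table 4-18 and applies the two rules above when auditing a certificate. It assumes the value is a DER-encoded ASN.1 BIT STRING (which this page does not state), reads "all applications except object signing" literally, and uses the hypothetical function names decode_ns_cert_type and is_permitted with constructed sample bytes.

```python
from typing import List, Optional

# Bit numbers and purpose names as listed in Table 4-18.
PURPOSES = {
    0: "SSL Client",
    1: "SSL Server",
    2: "S/MIME",
    3: "Object Signing",
    4: "Reserved",
    5: "SSL CA",
    6: "S/MIME CA",
    7: "Object Signing CA",
}


def decode_ns_cert_type(der: bytes) -> List[str]:
    """Decode the extension value (assumed: DER BIT STRING) into purpose names."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING with content")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, content = der[2], der[3:]
    if unused > 7 or content[-1] & ((1 << unused) - 1):
        raise ValueError("malformed unused-bit padding")
    # In a BIT STRING, bit 0 is the most significant bit of the first octet.
    return [name for bit, name in PURPOSES.items() if content[0] & (0x80 >> bit)]


def is_permitted(ext_der: Optional[bytes], purpose: str) -> bool:
    """Apply the page's rules; ext_der is None when the extension is absent."""
    if purpose not in PURPOSES.values() or purpose == "Reserved":
        raise ValueError("unknown purpose: " + purpose)
    if ext_der is None:
        # Absent extension: every application except object signing.
        return purpose != "Object Signing"
    # Present extension: only the purposes whose bits are set.
    return purpose in decode_ns_cert_type(ext_der)


# Constructed sample values (tag 0x03, length, unused-bit count, flag octet).
SERVER_ONLY = bytes.fromhex("03020640")       # bit 1
CLIENT_AND_SMIME = bytes.fromhex("030205a0")  # bits 0 and 2
ALL_CA = bytes.fromhex("03020007")            # bits 5, 6 and 7
```
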