Defaults ReferenceChapter 10 Certificate Profiles 455• Extension Constraint, see “Extension Constraint,” on page 475• No Constraints, see “No Constraint,” on page 477.Freshest CRL Extension DefaultThis default populates the Freshest CRL extension in the certificate request. TheFreshest CRL Extension Default enables you to configure a CertificateManager to set the FreshestCRL Extension in certificate.You can define the following constraints with this default:• Extension Constraint, see “Extension Constraint,” on page 475.• No Constraints, see “No Constraint,” on page 477.This default allows you to define 5 locations and specify parameters for eachlocation. The parameters are marked with an in the table to distinguish that theparameter is associated with one of the five possible locations.Table 10-5 Extended Key Usage Extension Default Configuration ParametersParameter DescriptionCritical Select true to mark this extension critical; select false to mark theextension noncritical.OIDs Specifies the OID that identifies a key-usage purpose.Permissible values: A unique, valid OID specified in thedot-separated numeric component notation. Depending on thekey-usage purposes, you may choose to use the OIDs designatedby PKIX (listed in Table 10-4 on page 454) or define your ownOIDs. If you’re defining your own OID, it should be in theregistered subtree of IDs reserved for your company’s use.Although you can invent your own OIDs for the purposes ofevaluating and testing this server, in a production environment,you should comply with the ISO rules for defining OIDs and forregistering subtrees of IDs. See Appendix H, “ObjectIdentifiers” for information on allocating private OIDs.Example: 2.16.840.1.113730.1.99
