Defaults Reference458 Netscape Certificate Management System Administrator’s Guide • February 2003Name Constraints Extension DefaultThis default populates a name constraint extension in the certificate request. Theextension is used in CA certificates to indicate a name space within which subjectnames or subject alternative names in subsequent certificates in a certification pathor chain should be located.For general information about this extension, see “nameConstraints” on page 730.You can define the following constraints with this default:• Extension Constraint, see “Extension Constraint,” on page 475.• No Constraints, see “No Constraint,” on page 477.This default allows you to define 5 locations for both the permitted subtree and theexcluded subtree and specify parameters for each of these location. The parametersare marked with an in the table to distinguish that the parameter is associatedwith one of the five possible locations.decipherOnly Specifies whether to set the extension if the public key is to beused only for deciphering data. If this bit is set, keyAgreementshould also be set. Select true to set, select false to not set.Table 10-8 Name Constraints Extension Default Configuration ParametersParameter Descriptioncritical Select true to mark this extension critical; select false to mark theextension noncritical.permittedSubtrees.minSpecifies the minimum number of permitted subtrees.• -1 specifies that the field should not be set in the extension.• 0 specifies that the minimum number of subtrees is zero.• n must be an integer that is greater than zero. It specifies atthe most n subtrees are allowed.Table 10-7 Key Usage Extension Default Configuration Parameters (Continued)Parameter Description
