Extension-Specific Policy Module ReferenceChapter 11 Policies 513AuthorityKeyIdentifierExtThe AuthorityKeyIdentifierExt plug-in module enables you to add theAuthority Key Identifier Extension to certificates. The extension is used to identify thepublic key that corresponds to the private key used by a CA to sign certificates.For general information about this extension, see “authorityKeyIdentifier” onpage 724.For information on setting the subject key identifier extension in certificates, see“SubjectKeyIdentifierExt” on page 562.• If you selected URL, the value must be a non-relative universal resource identifier(URI) following the URL syntax and encoding rules. That is, the name mustinclude both a scheme (for example, http) and a fully qualified domain name orIP address of the host. For example,http://ocspResponder.example.com:8000• If you selected iPAddress, the value must be a valid IP address specified indot-separated numeric component notation. The syntax for specifying the IPaddress is as follows:IPv4 address must be in the n.n.n.n format; for example, 128.21.39.40. IPv4address with netmask must be in the n.n.n.n,m.m.m.m format. For example,128.21.39.40,255.255.255.00.For IP version 6 (IPv6), the address should be in the form with netmask separatedby a comma. Examples of IPv6 addresses with no netmask are0:0:0:0:0:0:13.1.68.3 and FF01::43. Examples of IPv6 addresses withnetmask are 0:0:0:0:0:0:13.1.68.3,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:255.255.255.0 andFF01::43,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FF00:0000.• If you selected OID, the value must be a unique, valid OID specified indot-separated numeric component notation. Although you can invent your ownOIDs for the purposes of evaluating and testing this server, in a productionenvironment, you should comply with the ISO rules for defining OIDs and forregistering subtrees of IDs. See << Appendix B, “ObjectIdentifiers”>>> for information on allocating private OIDs. For example,1.2.3.4.55.6.5.99.• If you selected otherName, the value must be the absolute path to the filecontaining the base-64 encoded string of the location. For example,/usr/netscape/servers/ext/aia/othername.txt.Table 11-15 AuthInfoAccessExt Configuration Parameters (Continued)Parameter Description
