In addition to Michael's explanation, certificates can be used to validate or
support a wide variety of private key or public key functions. Certificate
extensions define the function of [mostly] the private key usage.

For example, it's probably inappropriate for a server to sign CRLs or other
digital certificates. So a server certificate limits private key use by setting
the key usage extension to only those functions necessary for SSL (usually only
encryption and digital signature, not key certificate sign or CRL sign).
(The private key can still be used for pretty much anything, but the certificate
limits the use of the public key to "reverse" the process. Certificate parsers
check this value and should only support those functions defined in key usage.)

A token request may only contain a key usage of digital signature and may only
be used for end entity authentication and not to support encryption.

Bill

Michael Bell wrote:
> Sasidharan M wrote:
>
> >Why do we have so many different types of user requests (Basic Request,
> >Netscape's Request, Server Request, IE Request & Token Request)?
> >
>
> There are several reasons:
>
> 1. Every vendor has its own idea how to create a request (Netscape and IE)
> 2. Some software products simply output a file (servers like Apache, LDAP ...)
> 3. Some software products cannot create requests (basic request - Konqueror)
> 4. Sometimes all crypto operations should be done by the Operators (token
> request - the smartcard will be initialized by the RA Operator)
_______________________________________________
Openca-Users mailing list
https://lists.sourceforge.net/lists/listinfo/openca-users
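
The key usage check that the reply above attributes to certificate parsers, as an added example that is not part of the original thread or of any project's code: it decodes the DER BIT STRING of a keyUsage extension value (bit names per RFC 5280) and refuses operations the certificate does not assert. The function names and the three sample values are constructed for illustration.

```python
# Added example: bit names and positions follow RFC 5280, section 4.2.1.3.
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
)

def parse_key_usage(der: bytes) -> set:
    """Decode the DER BIT STRING carried in a keyUsage extension value."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("keyUsage value must be a DER BIT STRING")
    length = der[1]
    # Short-form length only; at least one payload byte after the unused count.
    if length & 0x80 or length != len(der) - 2 or length < 2:
        raise ValueError("unexpected BIT STRING length")
    unused, payload = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    if payload[-1] & ((1 << unused) - 1):
        raise ValueError("unused bits must be zero in DER")
    total_bits = len(payload) * 8 - unused
    usages = set()
    for i, name in enumerate(KEY_USAGE_BITS):
        # Bit 0 is the most significant bit of the first payload byte.
        if i < total_bits and payload[i // 8] & (0x80 >> (i % 8)):
            usages.add(name)
    return usages

def permits(der: bytes, operation: str) -> bool:
    """True only if the certificate asserts the bit for `operation`."""
    if operation not in KEY_USAGE_BITS:
        raise ValueError("unknown key usage: " + operation)
    return operation in parse_key_usage(der)

# Constructed sample extension values (not taken from any real certificate).
SERVER_KU = bytes.fromhex("030205a0")  # digitalSignature + keyEncipherment
TOKEN_KU = bytes.fromhex("03020780")   # digitalSignature only
CA_KU = bytes.fromhex("03020106")      # keyCertSign + cRLSign

if __name__ == "__main__":
    for label, ku in (("server", SERVER_KU), ("token", TOKEN_KU), ("ca", CA_KU)):
        print(label, sorted(parse_key_usage(ku)))
    print("server may sign CRLs:", permits(SERVER_KU, "cRLSign"))
```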