cacert
/
signing-documentation
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add references to Google policy, use http for OCSP, CRL, CA issuers

Browse Source
main
Jan Dittberner 2 years ago committed by Jan Dittberner
parent d585be2381
commit f0ce9bb01e
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File

9
README.md
Unescape Escape View File

@ -126,12 +126,19 @@ The class 3 certificate must contain the following fields:
- [Extended Key Usage](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.2.1.12):
`server auth, client auth, email protection, code signing, OCSP signing, SmartCard logon, anyExtendedKeyUsage`
*Note:* this will not be sufficient to fulfill the
[Google requirements for S/MIME certificates](https://support.google.com/a/answer/7300887)
- [CRL Distribution Points](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.2.1.13):
http://crl.cacert.org/class3-revoke.crl
*Note:* CRL URLs must use the http URL scheme
- [Authority Information Access](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.2.2.1):
- CA issuers: https://www.cacert.org/certs/root_X0F.der
- CA issuers: http://www.cacert.org/certs/root_X0F.der
Reference the Root CA certificate's canonical DER URL
- OCSP: URI:http://ocsp.cacert.org/
*Note:* CA issuers and OCSP URLs must use the http URL scheme

Write Preview
Loading…
Cancel
Save