Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update certificate configuration files to fill required elements: #4

Open
OSkrdgz opened this issue May 16, 2022 · 0 comments
Open

Update certificate configuration files to fill required elements: #4

OSkrdgz opened this issue May 16, 2022 · 0 comments

Comments

@OSkrdgz
Copy link
Contributor

OSkrdgz commented May 16, 2022
edited
Loading

In order to generate the certifcates compliant with the standard the .cnf files corresponding to each certificatemust contain the required and critical extensions as specified in the Certificate profiles in Annex B of 15118-20.

x Required: issuing CA must make sure that this extension is present certificate validating entity must ensure that this extension is present
(x) Optional it is upto the discretion of the issuing CA and/or certificate requester to either include or omit this extension certificate validating entity must ignore the absence of this extension
- Must not be present issuing CA must make sure that this extension is not present certificate validating entity must ensure that this extension is not present
c This extension is critical, see IETF RFC 5280 if this extension is present, the certificate validating entity must process it. If an implementation recognizes that a “critical” extension is present, but the implementation cannot interpret the extension, the implementation has to reject the certificate. Quote from IETF RFC 5280: “A certificate-using system MUST reject the certificate if it encounters a critical extension it does not recognize or a critical extension that contains information that it cannot process." NOTE: IETF RFC 5280 has been updated by IETF RFC 6818, IETF RFC 8398 and IETF RFC 8399. These updates are considered to be included for this version of ISO 15118-20 standard.
nc This extension is non-critical, see IETF RFC 5280 if this extension is present, the certificate validating entity may ignore it if either the entity is unable to process the extension or if the requirements allow the entity to ignore the extension. If an implementation recognizes that a “non-critical” extension is present, but the implementation cannot interpret the extension, the extension can be ignored. Quote from IETF RFC 5280: “A non-critical extension MAY be ignored if it is not recognized, but MUST be processed if it is recognized." NOTE: IETF RFC 5280 has been updated by IETF RFC 6818, IETF RFC 8398 and IETF RFC 8399. These updates are considered to be included for this version of ISO 15118-20 standard.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@OSkrdgz