US Higher Education Root (USHER)
Certification Authority Certificate Profile

This profile is for the USHER CA's Root Certificate

Version 10: November 8, 2005

HEPKI CA Certificate Profile Summary Table

Field Name Value Example Specified Explanation

Version 0x2 0x2 Y A version 3 certificate is specified

Serial Number a unique integer 1 Y

Signature Algorithm SHA1/RSA Y

Issuer DN Same as Subject - see below Y

Validity Time 20 Years Y We plan to rekey after 10 years. Sooner if needed, perhaps later if possible.

Subject DN cn=US Higher Education Root Certification Authority, o=USHERCA, c=US Y We will not use DC Naming to avoid potential interoperability problems.

Public Key Y A 2048 bit RSA key will be used

Certificate Extensions

Key Usage Certificate Signing , Off-line CRL Signing , CRL Signing(06) Y This extension will be marked critical

Basic Constraints CA=true Subject Type = CA Y Critical; No Path Length will be specified.

Certificate Policy HEPKI CA Policy OID Y Not critical; we will allocate a policy OID for the CA and include it in the certificate.

CPS Pointer URI http://www.usherca.org/practices/cps.pdf Y Not critical. A redacted version of the practices document will be made available on-line in PDF format

Authority Key Identifier KeyID See RFC-3280 for details Y Not critical. Only the keyIdentifier field will be populated.

Subject Key Identifier KeyID See RFC-3280 for details Y Not critical. Only the keyIdentifier field will be populated.

HEPKI CA Certificate Profile Summary Table
Field Name	Value	Example	Specified	Explanation
Version	0x2	0x2	Y	A version 3 certificate is specified
Serial Number	a unique integer	1	Y
Signature Algorithm	SHA1/RSA		Y
Issuer	DN	Same as Subject - see below	Y
Validity	Time	20 Years	Y	We plan to rekey after 10 years. Sooner if needed, perhaps later if possible.
Subject	DN	cn=US Higher Education Root Certification Authority, o=USHERCA, c=US	Y	We will not use DC Naming to avoid potential interoperability problems.
Public Key			Y	A 2048 bit RSA key will be used
Certificate Extensions
Key Usage		Certificate Signing , Off-line CRL Signing , CRL Signing(06)	Y	This extension will be marked critical
Basic Constraints	CA=true	Subject Type = CA	Y	Critical; No Path Length will be specified.
Certificate Policy	HEPKI CA Policy OID		Y	Not critical; we will allocate a policy OID for the CA and include it in the certificate.
CPS Pointer	URI	http://www.usherca.org/practices/cps.pdf	Y	Not critical. A redacted version of the practices document will be made available on-line in PDF format
Authority Key Identifier	KeyID	See RFC-3280 for details	Y	Not critical. Only the keyIdentifier field will be populated.
Subject Key Identifier	KeyID	See RFC-3280 for details	Y	Not critical. Only the keyIdentifier field will be populated.

CA Certificate Profile Summary Table

Specified column legend

Y	The profile specifies the use of this field as documented.
N	The profile does not specify the usage but may recommend a way to use the field.
?	Still undecided.
italics	Example of an optional element.

US Higher Education Root (USHER) Certification Authority Certificate Profile

This profile is for the USHER CA's Root Certificate

CA Certificate Profile Summary Table

US Higher Education Root (USHER)
Certification Authority Certificate Profile