Strawman for the
InCommon Root Certification Authority Certificate Profile

Draft 2: July 30, 2003

InCommon CA Certificate Profile Summary Table
| Field Name | Value | Example | Explanation |
|---|---|---|---|
| Version | 0x2 | 0x2 | A version 3 certificate is specified |
| Serial Number | a unique integer | 1 | |
| Signature Algorithm | SHA1/RSA | | |
| Issuer | DN | Same as Subject - see below | |
| Validity | Time | 10 Years | We will rekey every five years. |
| Subject | DN | cn=InCommon Certification Authority, o=Internet2, c=US | |
| Public Key | | | A 2048 bit key will be used |

Certificate Extensions

| Field Name | Value | Example | Explanation |
|---|---|---|---|
| Key Usage | | Certificate Signing, Off-line CRL Signing, CRL Signing (06) | The extension will be marked Critical |
| Basic Constraints | CA=true | Subject Type = CA | Critical; No Path Length will be specified. |
| CRL Distribution Points | | http://incommonca-1.internet2.edu/crl/incommonca.crl | At least two CRL distribution points using servers located at different points on the Internet will be specified. |
| | | http://incommonca-2.internet2.edu/crl/incommonca.crl | |
| Certificate Policy | InCommon CA Policy OID | | Internet2 will allocate a Policy OID for the InCommon CA and place this OID in all certificates that it issues |
| Subject Alt Name | E= | email:pkimaster@incommonca.internet2.edu | |
| Issuer Alt Name | E= | email:pkimaster@incommonca.internet2.edu | |
| CPS Pointer | URI | http://incommonca.internet2.edu/practices/ca.html | |
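
The profile above expressed as an OpenSSL "req" configuration, as an added example that is not part of the original draft and is not InCommon's own configuration. It assumes OpenSSL is the issuing tool; the section names, the file names in the usage comment, the policy OID (a placeholder from the RFC 5612 documentation arc, since the draft says the OID is still to be allocated) and the placement of the CPS Pointer as a qualifier on the Certificate Policy are assumptions.

```ini
# Added example: OpenSSL req configuration for a self-signed root
# that follows the InCommon profile table. Not InCommon's own file.
# Usage (file names are assumptions; 3650 days approximates the 10-year validity):
#   openssl req -new -x509 -config incommon-root.cnf \
#       -keyout root.key -out root.crt -days 3650

[ req ]
# Public Key: a 2048 bit key will be used
default_bits       = 2048
# Signature Algorithm: SHA1/RSA, as the 2003 draft specifies
default_md         = sha1
prompt             = no
distinguished_name = root_dn
x509_extensions    = root_ext

[ root_dn ]
# Subject; Issuer is the same DN because the root is self-signed.
# Assumes the profile writes the DN in LDAP order (most specific first),
# so the encoded order is C, O, CN.
C  = US
O  = Internet2
CN = InCommon Certification Authority

[ root_ext ]
# Key Usage (06): keyCertSign (0x04) + cRLSign (0x02), marked critical
keyUsage              = critical, keyCertSign, cRLSign
# Basic Constraints: critical, CA=true, no pathlen (no path length specified)
basicConstraints      = critical, CA:TRUE
# Two CRL distribution points on different servers
crlDistributionPoints = URI:http://incommonca-1.internet2.edu/crl/incommonca.crl, URI:http://incommonca-2.internet2.edu/crl/incommonca.crl
certificatePolicies   = @incommon_policy
subjectAltName        = email:pkimaster@incommonca.internet2.edu
issuerAltName         = email:pkimaster@incommonca.internet2.edu

[ incommon_policy ]
# PLACEHOLDER OID (RFC 5612 documentation enterprise number); replace with
# the Policy OID that Internet2 allocates for the InCommon CA.
policyIdentifier = 1.3.6.1.4.1.32473.1
# CPS Pointer carried as a CPS qualifier on the policy (assumption)
CPS.1            = "http://incommonca.internet2.edu/practices/ca.html"
```

The result can be compared against the table field by field with "openssl x509 -in root.crt -noout -text".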