Authorized CA Certificate Profile

Field Subordinate CA Value
Version V3 (2)
Serial Number Must be unique
Issuer Signature Algorithm sha-1WithRSAEncryption {1 2 840 113549 1 1 5}
Issuer Distinguished Name cn=ORC Government ROOT, o=ORC PKI, c=US
Validity Period 6 years from date of issue in UTCT format
Subject Distinguished Name cn=ORC ACES <CA Name>, o=ORC PKI, c=US
Subject Public Key Information 1024 bit RSA key modulus, rsaEncryption {1 2 840 113549 1 1 1}
Issuer Unique Identifier Not Present
Subject Unique Identifier Not Present
Issuer’s Signature sha-1WithRSAEncryption {1 2 840 113549 1 1 5}
Extensions
Authority Key Identifier Octet String (20 byte SHA-1 hash of the binary DER encoding of the ECA Root CA’s public key information)
Subject Key Identifier Octet String (20 byte SHA-1 hash of the binary DER encoding of the ECA public key information)
Key Usage c=yes; digitalSignature, nonRepudiation, keyCertSign, cRLSign
Extended Key Usage Not Present
Private Key Usage Period Not Present
Certificate Policies c=no; { 2 16 840 1 101 3 2 1 1 1 }
Policy Mapping Not Present
Subject Alternative Name Not Present
Issuer Alternative Name Not Present
Subject Directory Attributes Not Present
Basic Constraints c=yes; CA=True
Name Constraints Not Present
Policy Constraints Not Present
Authority Information Access c=no; ocsp= http://eva.orc.com, caIssuers=ldap://aces-ds.orc.com/cn=ORC Government Root, o=ORC PKI, c=US?cacertificate;binary, caIssuers=http://aces.orc.com/ caCerts/ORC Government Root.p7b
Subject Information Access c=no; id-ad-caRepository=ldap://aces-ds.orc.com/
CRL Distribution Points c=no; always present, {ldap://aces-ds.orc.com/cn= ORC Government Root, o=ORC PKI, c=US?certificaterevocationlist;binary} {http://aces.orc.com/CRLs/ORC Government Root.crl}