Unaffiliated Individual Encryption Certificate Hardware Profile

Field Encryption Certificate Value
Version V3 (2)
Serial Number Must be unique
Issuer Signature Algorithm sha-1WithRSAEncryption
Issuer Distinguished Name cn=ORC ACES Unaffiliated, o=ORC PKI, c=US
Validity Period 2 years from date of issue
Subject Distinguished Name cn=<Subscriber Name>, ou=<State or Country>, c=US
Subject Public Key Information 1024 bit RSA key modulus, rsaEncryption
Issuer Unique Identifier Not Present
Subject Unique Identifier Not Present
Issuer’s Signature sha-1WithRSAEncryption
Extensions
Authority Key Identifier c=no; octet string
Subject Key Identifier c=no; octet string
Key Usage c=yes; keyEncipherment
Extended Key Usage c=no; {1 3 6 1 5 5 7 3 1}, {1 3 6 1 5 5 7 3 2}, {1 3 6 1 5 5 7 3 3}, {1 3 6 1 5 5 7 3 4}, {1 3 6 1 5 5 7 3 8}, {1 3 6 1 5 5 7 3 9}, {1 3 6 1 4 1 311 20 2 2}, {1 3 6 1 4 1 311 10 3 1}, {1 3 6 1 4 1 311 10 3 4}
Private Key Usage Period Not Present
Certificate Policies c=no; { 2 16 840 1 101 3 2 1 1 2}; optional: id-fpki-common-hardware::={2 16 840 1 101 3 2 1 3 7}
Policy Mapping Not Present
Subject Alternative Name c=no; always present, contains RFC822 e-mail address
Issuer Alternative Name Not Present
Subject Directory Attributes Not Present
Basic Constraints c=yes; cA=false
Name Constraints Not Present
Policy Constraints Not Present
Authority Information Access c=no; ocsp= http://eva.orc.com, caIssuers=ldap://aces-ds.orc.com/cn=ORC ACES Unaffiliated, o=ORC PKI, c=US?cacertificate;binary, caIssuers=http://aces.orc.com/caCerts/Unaffiliated.p7b
CRL Distribution Points c=no; always present, {ldap://aces-ds.orc.com/cn=ORC ACES Unaffiliated, o=ORC PKI, c=US?certificaterevocationlist;binary} {http://aces.orc.com/CRLs/Unaffiliated.crl}