|
<CertProfile> |
<! Verisign CA id of EV Certificate ––> |
<CAId value=” 3 C : 48 : 42 : 0D : FF : 58 : 1A : 38 : 86 : BC : FD : 41 : D4 : 8A : 41 : DE” /> |
<Profile Version value=” 5.0” /> |
<Subject type=” field” component=”O” presence=” Obligatory” /> |
<Subject type=” field” component=”CN” presence=” Obligatory” |
value=” dnshostname” valueExclude=”” /> |
<Subject type=” field” component=”C” presence=” Obligatory” /> |
<Subject type=” field” component=”L” presence=” Obligatory” /> |
<Subject type=” field” component=”ST” presence=” Obligatory” /> |
<! –– : this field MUST contain the Registration (or similar) |
Number assigned to the Subject by the Incorporating or Registration |
Agency in its Jurisdiction of Incorporation or Registration––> |
<Subject component=” ObjectIdentifier.2545.” Type=” field” |
presence=” Obligatory”/> |
<!–– : The validity period for an EV Certificate SHALL NOT exceed |
twenty seven months.––> |
<Validity type=” field” value=” 27” /> |
<DigestSignatureAlgorithm value=” (SHA-1∣SHA-256∣SHA-384∣SHA-512)” /> |
<KeySize component=” KeySize” value=” (1024∣2048)” /> |
<!–– : MUST be present and SHOULD NOT be marked critical. The set of |
policyIdentifiers MUST include the identifier for the CAs extended |
validation policy.––> |
<Certificate_Policies type=” extension” critical=” NotCritical” |
presence=” Obligatory” value=” oid” /> |
<!–– : SHOULD be present and MUST NOT be marked critical. It MUST |
contain the HTTP URL of the CAs CRL service. This extension MUST |
be present if the certificate does not specify OCSP responder.––> |
<CRL_Distribution_Point type=” extension” critical=” NotCritical” |
presence=” Obligatory” value=” httpservicehost” /> |
<!–– : SHOULD be present and MUST NOT be marked critical. SHALL |
contain the HTTP URL of the CAs OCSP responder. This extension |
MUST be present if the certificate does not contain a |
cRLDistributionPoint extension.––> |
<Authority_Information_Access type=” extension” critical=” NotCritical” |
presence=” Obligatory” value=” httpservicehost” /> |
<!–– : the presence of key usage extension is optional. If present, |
the CA field MUST be set false.––> |
<Basic_Constraints type=” extension” critical=” NotCritical” |
presence=”optional” value=” false” /> |
<!–– : the presence of key usage extension is optional. If present, |
bit positions for keyCertSign and cRLSign MUST NOT be set––> |
<key_Usage type=” extension” critical=” NotCritical” |
presence=” Optional” valueExclude=” (CertificateSigner∣CRLSigner)” /> |
</ CertProfile> |