X.509 Certificate Request Message Format (Part 7)


are terminals. Alphabetics are case-sensitive.
issuerName::=
subjectName::=
::=:
::=validity?[]-[]
::=
::=
Where is UTC time in the form YYYYMMDD[HH[MM[SS]]]. HH, MM,
and SS default to 00 and are omitted if at the end of value 00.
Example validity encoding:
validity?-19991231%
is a validity interval with no value for notBefore and a value of
December 31, 1999 for notAfter.
Each name comprises a single character name form identifier followed
by a name value of one or more UTF8 characters. Within a name value, when
it is necessary to disambiguate a character which has formatting
significance at an outer level, the escape sequence %xx SHALL be
used, where xx represents the hex value for the encoding concerned.
The percent symbol is represented by %%.
::=XOEDUI
Name forms and value formats are as follows:
X.500 Directory name form (identifier "X"):
::=
::=,
::=
::=
::==
::=OID.
Standard attribute type is an alphabetic attribute type
identifier from the following set:
C (country)
L (locality)
ST (state or province)
O (organization)
OU (organizational unit)
CN (common name)
STREET (street address)
E (E-mail address).
is a name component in the form of a UTF8 character string
of 1 to 64 characters, with the restriction that in the IA5 subset of
UTF8 only the characters of ASN.1 PrintableString may be used.
Other name form (identifier "O"):
::=,
E-mail address (rfc822name) name form (identifier "E"):
::=
DNS name form (identifier "D"):
::=
URI name form (identifier "U"):
::=
IP address (identifier "I"):
::=
For example:
issuerName?XOU=OurCA,O=Acme,C=US%
subjectName?XCN=JohnSmith,O=Acme,C=US,E=john@acme.com%
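
A small decoder for the text encoding described above, added here as an illustration; it is not code from the specification or from any implementation. It assumes each item has the shape field?value% seen in the examples, that %xx carries one byte of UTF-8, and that the "at least one MUST be present" rule of OptionalValidity also applies to the text form; the function names and the sample string are constructed for this example.

```python
import re
from datetime import datetime, timezone

NAME_FORMS = set("XOEDUI")      # name form identifiers listed on the page
STD_ATTRS = {"C", "L", "ST", "O", "OU", "CN", "STREET", "E"}

def _decode(m):
    return b"%" if m.group(0) == b"%%" else bytes([int(m.group(1), 16)])

def unescape(raw):
    """Decode %xx and %% escapes; any other use of '%' is rejected."""
    if not re.fullmatch(r"(?:[^%]|%%|%[0-9A-Fa-f]{2})*", raw):
        raise ValueError("stray '%' in value")
    # Assumption: xx is one byte of the UTF-8 encoding of the character.
    return re.sub(rb"%%|%([0-9A-Fa-f]{2})", _decode, raw.encode("utf-8")).decode("utf-8")

def parse_time(s):
    """YYYYMMDD[HH[MM[SS]]] in UTC; omitted HH, MM, SS default to 00."""
    if not re.fullmatch(r"\d{8}(\d\d){0,3}", s):
        raise ValueError(f"bad time {s!r}")
    return datetime.strptime(s.ljust(14, "0"), "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_field(text):
    """Parse one 'field?value%' item into (field, decoded value)."""
    field, sep, rest = text.partition("?")
    if not sep or not rest.endswith("%"):
        raise ValueError("expected field?value%")
    body = rest[:-1]                             # drop the terminating '%'
    if field == "validity":
        before, dash, after = body.partition("-")
        if not dash or not (before or after):    # assumption: one bound is required
            raise ValueError("validity needs '-' and at least one bound")
        return field, (parse_time(before) if before else None,
                       parse_time(after) if after else None)
    if field not in ("issuerName", "subjectName") or body[:1] not in NAME_FORMS:
        raise ValueError("unknown field or name form")
    form, value = body[0], body[1:]
    if form != "X":
        return field, (form, unescape(value))
    rdns = []
    for part in value.split(","):                # split on raw commas BEFORE unescaping
        attr, eq, val = part.partition("=")
        val = unescape(val)
        if not eq or not (attr in STD_ATTRS or attr.startswith("OID.")) or not 1 <= len(val) <= 64:
            raise ValueError(f"bad name component {part!r}")
        rdns.append((attr, val))
    return field, (form, rdns)

# Constructed sample (not from the page): an escaped comma and an escaped percent sign.
SAMPLE = "subjectName?XCN=Smith%2C John,O=50%% Off,C=US%"
```

Splitting on the raw separators first and unescaping each component afterwards is the point to note: an escaped comma (%2C) then stays inside its value and cannot add a second name component.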
Appendix C. ASN.1 Structures and OIDs

PKIXCRMF {iso(1) identified-organization(3) dod(6) internet(1)
    security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-crmf(5)}

CRMF DEFINITIONS IMPLICIT TAGS ::=
BEGIN

IMPORTS
    -- Directory Authentication Framework (X.509)
    Version, AlgorithmIdentifier, Name, Time,
    SubjectPublicKeyInfo, Extensions, UniqueIdentifier
        FROM PKIX1Explicit88 {iso(1) identified-organization(3) dod(6)
            internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
            id-pkix1-explicit-88(1)}

    -- Certificate Extensions (X.509)
    GeneralName
        FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6)
            internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
            id-pkix1-implicit-88(2)}

    -- Cryptographic Message Syntax
    EnvelopedData
        FROM CryptographicMessageSyntax {iso(1) member-body(2)
            us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
            modules(0) cms(1)};

CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg

CertReqMsg ::= SEQUENCE {
    certReq   CertRequest,
    pop       ProofOfPossession OPTIONAL,
    -- content depends upon key type
    regInfo   SEQUENCE SIZE (1..MAX) OF AttributeTypeAndValue OPTIONAL }

CertRequest ::= SEQUENCE {
    certReqId     INTEGER,           -- ID for matching request and reply
    certTemplate  CertTemplate,      -- Selected fields of cert to be issued
    controls      Controls OPTIONAL } -- Attributes affecting issuance

CertTemplate ::= SEQUENCE {
    version      [0] Version               OPTIONAL,
    serialNumber [1] INTEGER               OPTIONAL,
    signingAlg   [2] AlgorithmIdentifier   OPTIONAL,
    issuer       [3] Name                  OPTIONAL,
    validity     [4] OptionalValidity      OPTIONAL,
    subject      [5] Name                  OPTIONAL,
    publicKey    [6] SubjectPublicKeyInfo  OPTIONAL,
    issuerUID    [7] UniqueIdentifier      OPTIONAL,
    subjectUID   [8] UniqueIdentifier      OPTIONAL,
    extensions   [9] Extensions            OPTIONAL }

OptionalValidity ::= SEQUENCE {
    notBefore  [0] Time OPTIONAL,
    notAfter   [1] Time OPTIONAL } -- at least one MUST be present
