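# PKI directory schema fragment (OpenLDAP slapd.conf-style schema syntax).
#
# Layout: one directive per physical line group. A directive's continuation
# lines start with whitespace, and every comment is a whole line starting
# with '#'. A '#' in the middle of a directive line is not a comment.
#
# Active definitions: three AUXILIARY object classes (deltaCRL, pkiCA,
# pkiUser). The attribute types they list under MAY are not defined in this
# fragment and must already be loaded when this file is read.
# NOTE(review): OpenLDAP's stock core.schema is believed to define the same
# three classes (same OIDs and names); check for duplicate definitions before
# including both files.
#
# Operational notes for whoever deploys this:
#  - Every attribute is MAY, so an entry can carry one of these classes and
#    hold no certificate or CRL at all; consumers must handle the empty case.
#  - The directory only distributes these objects. Relying parties still have
#    to validate certificate chains and check CRL signatures and freshness
#    themselves; presence in the directory proves nothing.
#  - Restrict write access to the certificate and revocation-list attributes
#    with ACLs, and log changes to them. A writer who can replace or remove a
#    CRL can keep clients from learning about a revocation.
#  - RFC 4523 requires certificate and CRL values to be transferred with the
#    ";binary" option (for example userCertificate;binary).

# deltaCRL: lets an entry hold a delta CRL.
# Keyword order follows the RFC 4512 grammar (NAME, DESC, SUP, kind, MAY).
objectclass ( 2.5.6.23 NAME 'deltaCRL'
    DESC 'Delta Certificate Revocation List'
    SUP top AUXILIARY
    MAY ( deltaRevocationList ) )

# pkiCA: lets an entry hold CA certificates, CRLs, ARLs and cross-certificate
# pairs.
objectclass ( 2.5.6.22 NAME 'pkiCA'
    DESC 'CA certificate object'
    SUP top AUXILIARY
    MAY ( cACertificate $ certificateRevocationList $
          authorityRevocationList $ crossCertificatePair ) )

# pkiUser: lets an entry hold end-entity certificates.
objectclass ( 2.5.6.21 NAME 'pkiUser'
    DESC 'End Entity Certificate'
    SUP top AUXILIARY
    MAY ( userCertificate ) )

# ---------------------------------------------------------------------------
# Disabled definitions: x509* attribute types that expose individual
# certificate fields as searchable attributes, plus the structural class
# x509certificate that would carry them. Everything below is commented out.
#
# NOTE(review), to resolve before enabling any of this:
#  - The x509certificate MAY list names x509subjectAltNameURI,
#    x509isssuerAltNameURI, x509basicConstraintsCa and
#    x509cRLDistributionPoint. None of these is defined in this fragment; the
#    attribute types defined here are ...UniformResourceIdentifier and
#    x509cRLDistributionPointURI. A class that references undefined
#    attribute types will not load.
#  - x509version is defined but does not appear in the visible MUST/MAY lists.
#  - The spelling 'x509isssuer...' (three 's') is kept exactly as found;
#    confirm it against the source draft.
#  - Several attribute types pair EQUALITY caseIgnoreMatch or caseExactMatch
#    with the IA5 String syntax (...121.1.26). RFC 4517 defines
#    caseIgnoreIA5Match / caseExactIA5Match for that syntax; confirm the
#    server accepts the pairing as written.
#  - x509cRLDistributionPointURI cites RFC2459 4.2.1.13, the same section
#    cited for x509extKeyUsage; CRL distribution points are probably
#    4.2.1.14 -- confirm.
#  - RFC 2459 has since been obsoleted (RFC 3280, then RFC 5280); section
#    numbers in the DESC strings refer to RFC 2459.
#  - Values in these attributes would be copies extracted from a certificate.
#    Treat them as search hints only and take any trust decision from the
#    signed certificate itself.
# ---------------------------------------------------------------------------

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.1
#    NAME 'x509version'
#    DESC 'Version of the certificate, X.509(2000) 7, RFC2459 4.1.2.1'
#    EQUALITY integerMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
#    SINGLE-VALUE )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.2
#    NAME 'x509serialNumber'
#    DESC 'Unique integer for each certificate issued by a
#          particular CA, X.509(2000) 7, RFC2459 4.1.2.2'
#    EQUALITY integerMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
#    SINGLE-VALUE )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.3
#    NAME 'x509signatureAlgorithm'
#    DESC 'OID of the algorithm and hash function used by the CA in
#          signing the certificate, X.509(2000) 7, RFC2459 4.1.2.3'
#    EQUALITY objectIdentifierMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
#    SINGLE-VALUE )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.4
#    NAME 'x509issuer'
#    DESC 'Distinguished name of the entity who has signed and
#          issued the certificate, X.509(2000) 7, RFC2459 4.1.2.4'
#    EQUALITY distinguishedNameMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
#    SINGLE-VALUE )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.5
#    NAME 'x509validityNotBefore'
#    DESC 'Date on which the certificate validity period begins,
#          X.509(2000) 7, RFC2459 4.1.2.5'
#    EQUALITY generalizedTimeMatch
#    ORDERING generalizedTimeOrderingMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
#    SINGLE-VALUE )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.6
#    NAME 'x509validityNotAfter'
#    DESC 'Date on which the certificate validity period ends,
#          X.509(2000) 7, RFC2459 4.1.2.5'
#    EQUALITY generalizedTimeMatch
#    ORDERING generalizedTimeOrderingMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
#    SINGLE-VALUE )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.7
#    NAME 'x509subject'
#    DESC 'Distinguished name of the entity associated with this
#          public-key, X.509(2000) 7, RFC2459 4.1.2.6'
#    EQUALITY distinguishedNameMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
#    SINGLE-VALUE )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.8
#    NAME 'x509subjectPublicKeyInfoAlgorithm'
#    DESC 'OID of the algorithm which this public key is an
#          instance of, X.509(2000) 7, RFC2459 4.1.2.7'
#    EQUALITY objectIdentifierMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
#    SINGLE-VALUE )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.14
#    NAME 'x509subjectKeyIdentifier'
#    DESC 'Key identifier which must be unique with respect to all
#          key identifiers for the subject, X.509(2000) 8.2.2.2,
#          RFC2459 4.2.1.2'
#    EQUALITY octetStringMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
#    SINGLE-VALUE )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.15
#    NAME 'x509keyUsage'
#    DESC 'Purpose for which the certified public key is used,
#          X.509(2000) 8.2.2.3, RFC2459 4.2.1.3'
#    EQUALITY caseIgnoreMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.16
#    NAME 'x509policyInformationIdentifier'
#    DESC 'OID which indicates the policy under which the
#          certificate has been issued and the purposes for which
#          the certificate may be used, X.509(2000) 8.2.2.6, RFC2459
#          4.2.1.5'
#    EQUALITY objectIdentifierMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
#    SINGLE-VALUE )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.17
#    NAME 'x509subjectAltNameRfc822Name'
#    DESC 'Internet electronic mail address, X.509(2000) 8.3.2.1,
#          RFC2459 4.2.1.7'
#    EQUALITY caseIgnoreMatch
#    SUBSTR caseIgnoreSubstringsMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.18
#    NAME 'x509subjectAltNameDnsName'
#    DESC 'Internet domain name, X.509(2000) 8.3.2.1, RFC2459
#          4.2.1.7'
#    EQUALITY caseIgnoreMatch
#    SUBSTR caseIgnoreSubstringsMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.19
#    NAME 'x509subjectAltNameDirectoryName'
#    DESC 'Distinguished name, X.509(2000) 8.3.2.1, RFC2459
#          4.2.1.7'
#    EQUALITY distinguishedNameMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.20
#    NAME 'x509subjectAltNameUniformResourceIdentifier'
#    DESC 'Uniform Resource Identifier for the World-Wide Web,
#          X.509(2000) 8.3.2.1, RFC2459 4.2.1.7'
#    EQUALITY caseExactMatch
#    SUBSTR caseExactSubstringsMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.21
#    NAME 'x509subjectAltNameIpAddress'
#    DESC 'Internet Protocol address, X.509(2000) 8.3.2.1, RFC2459
#          4.2.1.7'
#    EQUALITY caseIgnoreMatch
#    SUBSTR caseIgnoreSubstringsMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.22
#    NAME 'x509subjectAltNameRegisteredID'
#    DESC 'OID of any registered object, X.509(2000) 8.3.2.1,
#          RFC2459 4.2.1.7'
#    EQUALITY objectIdentifierMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.23
#    NAME 'x509isssuerAltNameRfc822Name'
#    DESC 'Internet electronic mail address, X.509(2000) 8.3.2.2,
#          RFC2459 4.2.1.8'
#    EQUALITY caseIgnoreMatch
#    SUBSTR caseIgnoreSubstringsMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.24
#    NAME 'x509isssuerAltNameDnsName'
#    DESC 'Internet domain name, X.509(2000) 8.3.2.2, RFC2459
#          4.2.1.8'
#    EQUALITY caseIgnoreMatch
#    SUBSTR caseIgnoreSubstringsMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.25
#    NAME 'x509isssuerAltNameDirectoryName'
#    DESC 'Distinguished name, X.509(2000) 8.3.2.2, RFC2459
#          4.2.1.8'
#    EQUALITY distinguishedNameMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.26
#    NAME 'x509isssuerAltNameUniformResourceIdentifier'
#    DESC 'Uniform Resource Identifier for the World-Wide Web,
#          X.509(2000) 8.3.2.2, RFC2459 4.2.1.8'
#    EQUALITY caseExactMatch
#    SUBSTR caseExactSubstringsMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.27
#    NAME 'x509isssuerAltNameIpAddress'
#    DESC 'Internet Protocol address, X.509(2000) 8.3.2.2, RFC2459
#          4.2.1.8'
#    EQUALITY caseIgnoreMatch
#    SUBSTR caseIgnoreSubstringsMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.28
#    NAME 'x509isssuerAltNameRegisteredID'
#    DESC 'OID of any registered object, X.509(2000) 8.3.2.2,
#          RFC2459 4.2.1.8'
#    EQUALITY objectIdentifierMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.30
#    NAME 'x509extKeyUsage'
#    DESC 'Purposes for which the certified public key may be used
#          (identified by OID), X.509(2000) 8.2.2.4, RFC2459 4.2.1.13'
#    EQUALITY objectIdentifierMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

#attributetype ( 1.3.6.1.4.1.10126.1.5.3.31
#    NAME 'x509cRLDistributionPointURI'
#    DESC 'DistributionPointName of type URI, X.509(2000) 8.6.2.1, RFC2459 4.2.1.13'
#    EQUALITY caseExactMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#
#objectclass ( 1.3.6.1.4.1.10126.1.5.4.2.1
#    NAME 'x509certificate'
#    STRUCTURAL
#    MUST ( x509serialNumber $ x509signatureAlgorithm $ x509issuer $
#           x509validityNotBefore $ x509validityNotAfter $ x509subject $
#           x509subjectPublicKeyInfoAlgorithm )
#    MAY ( mail $
#          x509subjectKeyIdentifier $ x509keyUsage $
#          x509policyInformationIdentifier $
#          x509subjectAltNameRfc822Name $ x509subjectAltNameDnsName $
#          x509subjectAltNameDirectoryName $ x509subjectAltNameURI $
#          x509subjectAltNameIpAddress $ x509subjectAltNameRegisteredID $
#          x509isssuerAltNameRfc822Name $ x509isssuerAltNameDnsName $
#          x509isssuerAltNameDirectoryName $ x509isssuerAltNameURI $
#          x509isssuerAltNameIpAddress $ x509isssuerAltNameRegisteredID $
#          x509basicConstraintsCa $ x509extKeyUsage $
#          x509cRLDistributionPoint ) )
## MAY ( mail $ x509authorityKeyIdentifier $
##       x509authorityCertIssuer $ x509authorityCertSerialNumber $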