Certificate extension: "acceptableCertPolicies"
(Acceptable certificate policies extension)
View at oid-info.com
The acceptable certificate policies field is used, in delegation with attribute certificates, to control the acceptable certificate policies under which the public-key certificates for subsequent holders in a delegation path need to have been issued. By enumerating a set of policies in this field, an AA is requiring that subsequent issuers in a delegation path only delegate the contained privileges to holders that have public-key certificates issued under one or more of the enumerated certificate policies. The policies listed here are not policies under which the attribute certificate was issued, but policies under which acceptable public-key certificates for subsequent holders need to have been issued.
More information can be found in Recommendation ITU-T X.509 (March 2000) and in ISO/IEC 9594-8 (2001): "Directory: Public-key and attribute certificate frameworks".
ITU-T SG 17 & ISO/IEC JTC 1/SC 6
| OID | Name | Sub children | Sub Nodes Total | Description |
|---|---|---|---|---|
| 2.5.29.1 | authorityKeyIdentifier | 0 | 0 | X.509 old Authority Key Identifier Deprecated, use {2 5 29 35} instead |
| 2.5.29.2 | keyAttributes | 0 | 0 | Obsolete |
| 2.5.29.3 | certificatePolicies | 0 | 0 | Certificate policies (obsolete but can be found in some VeriSign-issued certificates) |
| 2.5.29.4 | keyUsageRestriction | 0 | 0 | Obsolete |
| 2.5.29.5 | policyMapping | 0 | 0 | Obsolete |
| 2.5.29.6 | subtreesConstraint | 0 | 0 | Obsolete |
| 2.5.29.7 | subjectAltName | 0 | 0 | Obsolete |
| 2.5.29.8 | issuerAltName | 0 | 0 | Obsolete |
| 2.5.29.9 | subjectDirectoryAttributes | 0 | 0 | Subject directory attributes certificate extension |
| 2.5.29.10 | basicConstraints | 0 | 0 | X.509 id-ce (deprecated) |
| 2.5.29.11 | 11 | 0 | 0 | Obsolete |
| 2.5.29.12 | 12 | 0 | 0 | Obsolete |
| 2.5.29.13 | 13 | 0 | 0 | Obsolete |
| 2.5.29.14 | subjectKeyIdentifier | 0 | 0 | Subject key identifier. |
| 2.5.29.15 | keyUsage | 0 | 0 | Key usage. |
| 2.5.29.16 | privateKeyUsagePeriod | 0 | 0 | Private key usage period. |
| 2.5.29.17 | subjectAltName | 0 | 0 | Subject alternative name. |
| 2.5.29.18 | issuerAltName | 0 | 0 | Issuer alternative name. |
| 2.5.29.19 | basicConstraints | 0 | 0 | Basic constraints. |
| 2.5.29.20 | cRLNumber | 0 | 0 | CRL (Certificate Revocation List) number. |
| 2.5.29.21 | reasonCode | 0 | 0 | Reason code. |
| 2.5.29.22 | expirationDate | 0 | 0 | Obsolete |
| 2.5.29.23 | instructionCode | 0 | 0 | Hold instruction code |
| 2.5.29.24 | invalidityDate | 0 | 0 | Invalidity date. |
| 2.5.29.25 | cRLDistributionPoints | 0 | 0 | Obsolete |
| 2.5.29.26 | issuingDistributionPoint | 0 | 0 | Obsolete |
| 2.5.29.27 | deltaCRLIndicator | 0 | 0 | Certificate Revocation List indicator. |
| 2.5.29.28 | issuingDistributionPoint | 0 | 0 | Issuing distribution point. |
| 2.5.29.29 | certificateIssuer | 0 | 0 | Certificate issuer. |
| 2.5.29.30 | nameConstraints | 1 | 1 | Name constraints. |
| 2.5.29.31 | cRLDistributionPoints | 0 | 0 | Certificate Revocation List distribution points. |
| 2.5.29.32 | certificatePolicies | 1 | 1 | Certificate policies |
| 2.5.29.33 | policyMappings | 0 | 0 | Policy mappings. |
| 2.5.29.34 | policyConstraints | 0 | 0 | X.509 id-ce Deprecated, use {2 5 29 36} instead |
| 2.5.29.35 | authorityKeyIdentifier | 0 | 0 | Authority key identifier. |
| 2.5.29.36 | policyConstraints | 0 | 0 | Policy constraints. |
| 2.5.29.37 | extKeyUsage | 1 | 1 | Certificate extension: "extKeyUsage" (Extended key usage) |
| 2.5.29.38 | authorityAttributeIdentifier | 0 | 0 | Certificate extension: "authorityAttributeIdentifier" |
| 2.5.29.39 | roleSpecCertIdentifier | 0 | 0 | Certificate extension: "roleSpecCertIdentifier" (Role specification certificate identifier extension) |
| 2.5.29.40 | cRLStreamIdentifier | 0 | 0 | Certificate extension: "cRLStreamIdentifier" |
| 2.5.29.41 | basicAttConstraints | 0 | 0 | Certificate extension: "basicAttConstraints" |
| 2.5.29.42 | delegatedNameConstraints | 0 | 0 | Certificate extension: "delegatedNameConstraints" |
| 2.5.29.43 | timeSpecification | 0 | 0 | Certificate extension: "timeSpecification" |
| 2.5.29.44 | cRLScope | 0 | 0 | Certificate extension: "cRLScope" |
| 2.5.29.45 | statusReferrals | 0 | 0 | Certificate extension: "statusReferrals" |
| 2.5.29.46 | freshestCRL | 0 | 0 | Certificate extension: "freshestCRL" |
| 2.5.29.47 | orderedList | 0 | 0 | Certificate extension: "orderedList" |
| 2.5.29.48 | attributeDescriptor | 0 | 0 | Certificate extension: "attributeDescriptor" |
| 2.5.29.49 | userNotice | 0 | 0 | Certificate extension: "userNotice" |
| 2.5.29.50 | sOAIdentifier | 0 | 0 | Certificate extension: "sOAIdentifier" |
| 2.5.29.51 | baseUpdateTime | 0 | 0 | Certificate extension: "baseUpdateTime" |
| 2.5.29.53 | deltaInfo | 0 | 0 | Certificate extension: "deltaInfo" |
| 2.5.29.54 | inhibitAnyPolicy | 0 | 0 | X.509 version 3 certificate extension Inhibit Any-policy The inhibit any-policy extension can be used in certificates issued t… |
| 2.5.29.55 | targetInformation | 0 | 0 | Certificate extension: "targetInformation" (Targeting information extension) |
| 2.5.29.56 | noRevAvail | 0 | 0 | Certificate extension: "noRevAvail" (No revocation information extension) |
| 2.5.29.57 | acceptablePrivilegePolicies | 0 | 0 | Certificate extension: "acceptablePrivilegePolicies" |
| 2.5.29.58 | id-ce-toBeRevoked | 0 | 0 | None |
| 2.5.29.59 | id-ce-RevokedGroups | 0 | 0 | None |
| 2.5.29.60 | id-ce-expiredCertsOnCRL | 0 | 0 | None |
| 2.5.29.61 | indirectIssuer | 0 | 0 | (Attribute) certificate extension: "indirectIssuer" |
| 2.5.29.62 | id-ce-noAssertion | 0 | 0 | None |
| 2.5.29.63 | id-ce-aAissuingDistributionPoint | 0 | 0 | None |
| 2.5.29.64 | id-ce-issuedOnBehaIFOF | 0 | 0 | None |
| 2.5.29.65 | id-ce-singleUse | 0 | 0 | None |
| 2.5.29.66 | id-ce-groupAC | 0 | 0 | None |
| 2.5.29.67 | id-ce-allowedAttAss | 0 | 0 | None |
| 2.5.29.68 | id-ce-attributeMappings | 0 | 0 | None |
| 2.5.29.69 | id-ce-holderNameConstraints | 0 | 0 | None |