X.509 version 3 certificate extension Inhibit Any-policy
The inhibit any-policy extension can be used in certificates issued to CAs. The inhibit any-policy indicates that the special anyPolicy OID, with the value { 2 5 29 32 0 }, is not considered an explicit match for other certificate policies. The value indicates the number of additional certificates that may appear in the path before anyPolicy is no longer permitted. For example, a value of one indicates that anyPolicy may be processed in certificates issued by the subject of this certificate, but not in additional certificates in the path.
This extension MUST be critical.
InhibitAnyPolicy ::= SkipCerts
SkipCerts ::= INTEGER (0..MAX)
View at oid-info.com
Defined in RFC 3280.
Used for example in Recommendation ITU-T X.509 (March 2000) and in ISO/IEC 9594-8 (2001): "Directory: Public-key and attribute certificate frameworks".
ITU-T SG 17 & ISO/IEC JTC 1/SC 6
| OID | Name | Sub children | Sub Nodes Total | Description |
|---|---|---|---|---|
| 2.5.29.1 | authorityKeyIdentifier | 0 | 0 | X.509 old Authority Key Identifier Deprecated, use {2 5 29 35} instead |
| 2.5.29.2 | keyAttributes | 0 | 0 | Obsolete |
| 2.5.29.3 | certificatePolicies | 0 | 0 | Certificate policies (obsolete but can be found in some VeriSign-issued certificates) |
| 2.5.29.4 | keyUsageRestriction | 0 | 0 | Obsolete |
| 2.5.29.5 | policyMapping | 0 | 0 | Obsolete |
| 2.5.29.6 | subtreesConstraint | 0 | 0 | Obsolete |
| 2.5.29.7 | subjectAltName | 0 | 0 | Obsolete |
| 2.5.29.8 | issuerAltName | 0 | 0 | Obsolete |
| 2.5.29.9 | subjectDirectoryAttributes | 0 | 0 | Subject directory attributes certificate extension |
| 2.5.29.10 | basicConstraints | 0 | 0 | X.509 id-ce (deprecated) |
| 2.5.29.11 | 11 | 0 | 0 | Obsolete |
| 2.5.29.12 | 12 | 0 | 0 | Obsolete |
| 2.5.29.13 | 13 | 0 | 0 | Obsolete |
| 2.5.29.14 | subjectKeyIdentifier | 0 | 0 | Subject key identifier. |
| 2.5.29.15 | keyUsage | 0 | 0 | Key usage. |
| 2.5.29.16 | privateKeyUsagePeriod | 0 | 0 | Private key usage period. |
| 2.5.29.17 | subjectAltName | 0 | 0 | Subject alternative name. |
| 2.5.29.18 | issuerAltName | 0 | 0 | Issuer alternative name. |
| 2.5.29.19 | basicConstraints | 0 | 0 | Basic constraints. |
| 2.5.29.20 | cRLNumber | 0 | 0 | CRL (Certificate Revocation List) number. |
| 2.5.29.21 | reasonCode | 0 | 0 | Reason code. |
| 2.5.29.22 | expirationDate | 0 | 0 | Obsolete |
| 2.5.29.23 | instructionCode | 0 | 0 | Hold instruction code |
| 2.5.29.24 | invalidityDate | 0 | 0 | Invalidity date. |
| 2.5.29.25 | cRLDistributionPoints | 0 | 0 | Obsolete |
| 2.5.29.26 | issuingDistributionPoint | 0 | 0 | Obsolete |
| 2.5.29.27 | deltaCRLIndicator | 0 | 0 | Certificate Revocation List indicator. |
| 2.5.29.28 | issuingDistributionPoint | 0 | 0 | Issuing distribution point. |
| 2.5.29.29 | certificateIssuer | 0 | 0 | Certificate issuer. |
| 2.5.29.30 | nameConstraints | 1 | 1 | Name constraints. |
| 2.5.29.31 | cRLDistributionPoints | 0 | 0 | Certificate Revocation List distribution points. |
| 2.5.29.32 | certificatePolicies | 1 | 1 | Certificate policies |
| 2.5.29.33 | policyMappings | 0 | 0 | Policy mappings. |
| 2.5.29.34 | policyConstraints | 0 | 0 | X.509 id-ce Deprecated, use {2 5 29 36} instead |
| 2.5.29.35 | authorityKeyIdentifier | 0 | 0 | Authority key identifier. |
| 2.5.29.36 | policyConstraints | 0 | 0 | Policy constraints. |
| 2.5.29.37 | extKeyUsage | 1 | 1 | Certificate extension: "extKeyUsage" (Extended key usage) |
| 2.5.29.38 | authorityAttributeIdentifier | 0 | 0 | Certificate extension: "authorityAttributeIdentifier" |
| 2.5.29.39 | roleSpecCertIdentifier | 0 | 0 | Certificate extension: "roleSpecCertIdentifier" (Role specification certificate identifier extension) |
| 2.5.29.40 | cRLStreamIdentifier | 0 | 0 | Certificate extension: "cRLStreamIdentifier" |
| 2.5.29.41 | basicAttConstraints | 0 | 0 | Certificate extension: "basicAttConstraints" |
| 2.5.29.42 | delegatedNameConstraints | 0 | 0 | Certificate extension: "delegatedNameConstraints" |
| 2.5.29.43 | timeSpecification | 0 | 0 | Certificate extension: "timeSpecification" |
| 2.5.29.44 | cRLScope | 0 | 0 | Certificate extension: "cRLScope" |
| 2.5.29.45 | statusReferrals | 0 | 0 | Certificate extension: "statusReferrals" |
| 2.5.29.46 | freshestCRL | 0 | 0 | Certificate extension: "freshestCRL" |
| 2.5.29.47 | orderedList | 0 | 0 | Certificate extension: "orderedList" |
| 2.5.29.48 | attributeDescriptor | 0 | 0 | Certificate extension: "attributeDescriptor" |
| 2.5.29.49 | userNotice | 0 | 0 | Certificate extension: "userNotice" |
| 2.5.29.50 | sOAIdentifier | 0 | 0 | Certificate extension: "sOAIdentifier" |
| 2.5.29.51 | baseUpdateTime | 0 | 0 | Certificate extension: "baseUpdateTime" |
| 2.5.29.52 | acceptableCertPolicies | 0 | 0 | Certificate extension: "acceptableCertPolicies" (Acceptable certificate policies extension) |
| 2.5.29.53 | deltaInfo | 0 | 0 | Certificate extension: "deltaInfo" |
| 2.5.29.55 | targetInformation | 0 | 0 | Certificate extension: "targetInformation" (Targeting information extension) |
| 2.5.29.56 | noRevAvail | 0 | 0 | Certificate extension: "noRevAvail" (No revocation information extension) |
| 2.5.29.57 | acceptablePrivilegePolicies | 0 | 0 | Certificate extension: "acceptablePrivilegePolicies" |
| 2.5.29.58 | id-ce-toBeRevoked | 0 | 0 | None |
| 2.5.29.59 | id-ce-RevokedGroups | 0 | 0 | None |
| 2.5.29.60 | id-ce-expiredCertsOnCRL | 0 | 0 | None |
| 2.5.29.61 | indirectIssuer | 0 | 0 | (Attribute) certificate extension: "indirectIssuer" |
| 2.5.29.62 | id-ce-noAssertion | 0 | 0 | None |
| 2.5.29.63 | id-ce-aAissuingDistributionPoint | 0 | 0 | None |
| 2.5.29.64 | id-ce-issuedOnBehaIFOF | 0 | 0 | None |
| 2.5.29.65 | id-ce-singleUse | 0 | 0 | None |
| 2.5.29.66 | id-ce-groupAC | 0 | 0 | None |
| 2.5.29.67 | id-ce-allowedAttAss | 0 | 0 | None |
| 2.5.29.68 | id-ce-attributeMappings | 0 | 0 | None |
| 2.5.29.69 | id-ce-holderNameConstraints | 0 | 0 | None |