In order to promote interoperability this policy strongly encourages conforming CAs to issue certificates profiling them accordingly to RFC 3280. In every case CPS MUST detail the specific profile adopted.
The version
field in the certificate SHALL
state 2, indicating X.509v3 certificates.
In compliance with RFC 3280, the inclusion of the following certificate extensions is RECOMMENDED:
subjectKeyIdentifier | NOT CRITICAL |
authorityKeyIdentifier | NOT CRITICAL |
basicConstraints | CRITICAL |
keyUsage | CRITICAL |
certificatePolicies | NOT CRITICAL |
cRLDistributionPoint | NOT CRITICAL |
subjectAltNames | NOT CRITICAL |
Other certificate policy object identifiers are applicable if and only if the other policies identified are compliant with this policy. Conforming CA MUST contact the maintainers of the various policies to verify the level of mutual compliance. However in order to promote interoperability, following RFC 3280, this policy suggests to include only one certificate policy object identifier in a certificate.
The certificates issued under this CP SHOULD NOT use the policy qualifiers.