Complete Contents
About This Guide
PART 1: Overview and Demo Installation
Chapter 1 Introduction to Certificate Management System 4.0
Chapter 2 Default Demo Installation
PART 2: Planning and Installation
Chapter 3 Planning Your Deployment
Chapter 4 Installation Worksheet
Chapter 5 Installation and Configuration
Appendix A Migrating from Certificate Server 1.x
Appendix B Certificate Extensions
Appendix C Certificate Download Specification
Appendix D Using SSL with Enterprise Server 3.x
Appendix E Export Control Information
Glossary
Previous Next Contents Index Bookshelf


Appendix C Certificate Download Specification

This appendix describes the data formats used by Netscape Communicator 4.x for installing certificates. It also describes how certificates are imported into different environments.


Data Formats
Netscape products can accept certificates in several formats. Although the format can vary, the certificates themselves are X.509 version 1, 2, or 3.

Binary Formats

The Netscape certificate loader recognizes several binary formats, as follows.

Text Formats

Any of the above binary formats can also be imported in text form. The text form begins with the following line:

-----BEGIN CERTIFICATE-----

Following this line is the certificate data, which can be in any of the binary formats just described. This data should be base 64 encoded as described by RFC 1113. The data is followed by this line:

-----END CERTIFICATE-----


Importing Certificate Chains
Several of the supported formats can contain multiple certificates. When the Netscape certificate decoder encounters a collection of certificates, it handles them as follows:


Importing Certificates into Netscape Communicator
Communicator imports certificates via HTTP. There are several MIME content types that are used to indicate to Communicator what type of certificate is being imported. These MIME types are as follows:

Communicator checks that the size of the object being downloaded matches the size of the encoded certificates. Therefore it is important to ensure that no extra characters, such as NULL or Newline, are added at the end of the object.


Importing Certificates into Netscape Servers
Server certificates are imported via the server administration interface. Certificates are pasted into a text input field in an HTML form, and then the form is submitted to the administration server. Since the certificates are pasted into text fields, only the text formats described above are supported for servers.

The type of certificate being imported is specified by the server administrator by selections made on the administration pages. If a certificate chain is being imported, then the first certificate in the chain must be the server or CA certificate, and the server adds any subsequent certificates to the local database as untrusted CA certificates.

For detailed information about importing certificates into Netscape Enterprise Server and configuring it to support certificate-based client authentication, see Appendix D, "Using SSL with Enterprise Server 3.x" .


Object Identifiers
The base of all Netscape object IDs is

netscape OBJECT IDENTIFIER ::= { 2 16 840 1 113730 } 

The hexadecimal byte value of this OID, when DER-encoded, is

0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42

The following OIDs are mentioned in this document:

netscape-data-type OBJECT IDENTIFIER :: = { netscape 2 }

netscape-cert-sequence OBJECT IDENTIFIER :: = { netscape-data-type 5 }

 

© Copyright 1999 Netscape Communications Corp., a subsidiary of America Online, Inc. All rights reserved.