An Issuer or CA Certificate is an X.509 v3 Certificate that identifies an authority that issues Certificates. An Issuer Certificate may identify a root CA or an intermediate CA. Certificates that identify root CAs are self-signed Certificates. Certificates that identify intermediate CAs are issued by authority identified by an intermediate CA or root CA.
The X.509 v3 fields in Issuer Certificates with specific requirements are shown in Table 45.
Table 45 – Issuer Certificate
|subject||The distinguished name of for the authority. The Common Name attribute shall be specified. The Organization should be provided. Other attributes may be specified.The subject field is completely described in RFC 5280.|
|authorityKeyIdentifier||Provides more information about the key used to sign the Certificate. It shall be specified.|
|basicConstraints||The basicConstraints field is completely described in RFC 5280. The cA flag Identifies whether the subject of the Certificate is a CA The pathLength specifies the maximum depth of valid chains that include this Certificate.The cA flag shall be TRUE for CA Certificates.|