An Issueror CA Certificateis an X.509 v3 Certificatethat identifies an authority that issues Certificates. An Issuer Certificatemay identify a root CA or an intermediate CA. Certificatesthat identify root CAs are self-signed Certificates. Certificatesthat identify intermediate CAs are issued by authority identified by an intermediate CA or root CA.
The X.509 v3 fields in Issuer Certificateswith specific requirements are shown in Table 45.
Field |
Description |
subject |
The distinguished name of for the authority. The Common Name attribute shall be specified. The Organization should be provided. Other attributes may be specified. |
authorityKeyIdentifier |
Provides more information about the key used to sign the Certificate. It shall be specified. |
basicConstraints |
The basicConstraintsfieldis completely described in RFC 5280. The cAflag Identifies whether the subject of the Certificateis a CA The pathLengthspecifies the maximum depth of valid chains that include this Certificate. The cAflag shall be TRUE for CA Certificates. |