Discuss this help topic in SecureBlackbox Forum

TElCertificatePoliciesExtension class

Properties     Methods     Declared in     

TElCertificatePoliciesExtension is a descendant of TElCustomExtention.


    The following paragraph is taken from RFC 2459 (Housley, et. al.), part

    «The certificate policies extension contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. These policy information terms indicate the policy under which the certificate has been issued and the purposes for which the certificate may be used. Optional qualifiers, which may be present, are not expected to change the definition of the policy.

    Applications with specific policy requirements are expected to have a list of those policies which they will accept and to compare the policy OIDs in the certificate to that list. If this extension is critical, the path validation software MUST be able to interpret this extension (including the optional qualifier), or MUST reject the certificate.

    To promote interoperability, this profile RECOMMENDS that policy information terms consist of only an OID. Where an OID alone is insufficient, this profile strongly recommends that use of qualifiers be limited to those identified in this section.

    This specification defines two policy qualifier types for use by certificate policy writers and certificate issuers. The qualifier types are the CPS Pointer and User Notice qualifiers.

    The CPS Pointer qualifier contains a pointer to a Certification Practice Statement (CPS) published by the CA. The pointer is in the form of a URI.

    User notice is intended for display to a relying party when a certificate is used. The application software SHOULD display all user notices in all certificates of the certification path used, except that if a notice is duplicated only one copy need be displayed. To prevent such duplication, this qualifier SHOULD only be present in end-entity certificates and CA certificates issued to other organizations.

    The user notice has two optional fields: the noticeRef field and the explicitText field.

    The noticeRef field, if used, names an organization and identifies, by number, a particular textual statement prepared by that organization. For example, it might identify the organization "CertsRUs" and notice number 1. In a typical implementation, the application software will have a notice file containing the current set of notices for CertsRUs; the application will extract the notice text from the file and display it. Messages may be multilingual, allowing the software to select the particular language message for its own environment.

    An explicitText field includes the textual statement directly in the certificate. The explicitText field is a string with a maximum size of 200 characters.

    If both the noticeRef and explicitText options are included in the one qualifier and if the application software can locate the notice text indicated by the noticeRef option then that text should be displayed; otherwise, the explicitText string should be displayed.»


Inherited from TElCustomExtension


Declared in

  • Namespace: SBX509Ext
  • Assembly: SecureBlackbox
  • Unit: SBX509Ext
  • Package: SecureBlackbox.Base.jar
  • sbx509ext.h

Discuss this help topic in SecureBlackbox Forum