Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: added About section

This article lists the attribute certificate (AC) tasks that are done by registration officers in Smart ID Certificate Manager (CM), using both the Registration Authority (RA) in Certificate Manager and the Certificate Controller (CC) in Certificate Manager.

Child pages (Children Display)

About attribute certificates

Excerpt

Attribute certificates are signed objects that assert additional properties with respect to some identity certificate (also called base certificate). An attribute certificate has no associated key pair and consequently cannot be used to establish identity.

Attribute certificates can be thought of as extensions to identity certificates, even if the attribute certificate may be signed by a different CA than the base certificate. When the associated attributes are mainly used for the purpose of authorization, an attribute certificate is called authorization certificate. 

Attribute certificates typically have a much shorter lifetime than X.509 certificates.

Smart ID Certificate Manager supports attribute certificates version 2, as specified in RFC 3281, as well as the No Revocation Available (NoRevAvail) extension as specified in RFC 5755. An attribute certificate format with this extension is included in the Certificate Manager installation. An attribute certificate with the NoRevAvail extension is not possible to revoke.