Specify a Key Size and Usage

Key Size
Use the drop-down list to select a key size.

You should choose a large key size (2048 or higher) if possible. Larger keys are harder to break and provide a more secure environment for your cryptography-enabled application.

Note: Novell® Certificate Server queries the server that the Certificate Authority (CA) is associated with for the largest key size it supports. NICI supports key sizes up to 4,096 bits.

Key Type and Usage
These options allow you to select a key type. Each key type has predefined key usage values associated with it. A check in the check box next to a key usage value indicates that the key type is selected.

These key usages are a subset of the key usages that have been defined in X.509 v3 and they serve different purposes. Data encipherment is asserted when the public key is to be used for encrypting user data (other than cryptographic keys). Key encipherment is asserted when the public key is to be used for encrypting or enciphering other cryptographic keys (for example, for key management purposes). Digital signature is asserted when the public key is used to validate or verify a digital signature.

Unspecified
Does not activate any key usage in the certificate.

Certificate Authority
The default. Activates the Certificate Signing and CRL Signing key usage.

Custom
Lets you select any or all of the key usage options manually.

Set the Key Usage Extension to Critical
With any key type except Unspecified selected, you can mark the key usage extension as critical. Any extension that is critical must be understood by the receiving software before the certificate can be used for any purpose. Therefore, marking an extension as critical does pose some risk, because not all applications can use the certificate. However, for well-known extensions such as key usage, the risk is minimal. In general, if key usage is specified, the extension should be marked critical.
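
The following is an added example, not part of the Novell documentation: a standard-library Python sketch that decodes a DER-encoded X.509 key usage extension and reports whether it carries the Certificate Authority usages and the critical flag described above. The function names and the two sample byte strings are constructed for illustration, and the reader handles short-form DER lengths only.

```python
KEY_USAGE_OID = bytes.fromhex("551d0f")  # id-ce-keyUsage, 2.5.29.15
# Names in RFC 5280 bit order; bit 0 is the most significant bit of the first byte.
USAGE_BITS = ("digitalSignature nonRepudiation keyEncipherment dataEncipherment "
              "keyAgreement keyCertSign cRLSign encipherOnly decipherOnly").split()

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); short-form lengths only (assumption)."""
    tag, length = buf[pos], buf[pos + 1]
    end = pos + 2 + length
    if length & 0x80 or end > len(buf):
        raise ValueError("long-form length or truncated DER")
    return tag, buf[pos + 2:end], end

def parse_key_usage(ext_der):
    """Parse one Extension SEQUENCE; return (critical, set of usage names)."""
    tag, body, _ = read_tlv(ext_der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x06 or oid != KEY_USAGE_OID:
        raise ValueError("not a keyUsage extension")
    tag, val, nxt = read_tlv(body, pos)
    critical = False                 # BOOLEAN DEFAULT FALSE is omitted when false
    if tag == 0x01:
        critical = val != b"\x00"
        tag, val, nxt = read_tlv(body, nxt)
    if tag != 0x04:
        raise ValueError("expected OCTET STRING extnValue")
    tag, bits, _ = read_tlv(val, 0)
    if tag != 0x03 or len(bits) < 2:
        raise ValueError("expected BIT STRING")
    data = bits[1:]                  # bits[0] is the count of unused trailing bits
    usages = {name for i, name in enumerate(USAGE_BITS)
              if i // 8 < len(data) and data[i // 8] & (0x80 >> (i % 8))}
    return critical, usages

def audit(ext_der):
    """Return findings: CA usages must be present and the extension critical."""
    critical, usages = parse_key_usage(ext_der)
    findings = []
    if not {"keyCertSign", "cRLSign"} <= usages:
        findings.append("not a Certificate Authority key usage set")
    if not critical:
        findings.append("keyUsage present but not marked critical")
    return findings

# Constructed sample extensions (not taken from a real certificate).
CA_CRITICAL = bytes.fromhex("300e0603551d0f0101ff040403020106")
END_ENTITY_NONCRIT = bytes.fromhex("300b0603551d0f0404030205a0")
```

`audit(CA_CRITICAL)` returns an empty list, while `audit(END_ENTITY_NONCRIT)` reports both findings.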

Allow Private Key to be Exported
Select this if you want the ability to export the private key with the certificate from eDirectory™ for use in cryptography-enabled applications or if you wish to be able to easily back up the private key and certificate.

Enable Extended Key Usage
You can choose to encode an Extended Key Usage extension in the certificate. To activate this feature, select Enable Extended Key Usage.

There are four extended key types available:

Server
Activates the Server Authentication extended key usage.

User
Activates the User Authentication and E-mail Protection extended key usages.

Custom
Lets you select any or all Extended Key Usages.

Any
Lets the key be used for any extended key usage.

Set the Extended Key Usage Extension to Critical
Any extension that is critical must be understood by the receiving software before the certificate can be used for any purpose. Therefore, marking an extension as critical does pose some risk, because not all applications can use the certificate. As many applications do not understand the Extended Key Usage Extension, marking this extension as critical poses significant risk of the certificate not being accepted by a given application; therefore, it should only be set to critical when necessary.

A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For information on trademarks, see Legal Notices.