Advanced certificate details

You can view details about your selected IBM® Notes® or Internet certificate.

Click File > Security > User Security (Macintosh OS X users: Notes > Security > User Security), click Your Identity > Your Certificates and then Advanced Details or Certificate Details. To see details about other people's certificates, see Certificates for people or services.

Notes certificate details

Advanced Details and Certificate Details display the following details about the Notes® certificate you have selected:

  • Certificate Issued To -- who the certificate belongs to.
  • Certificate Issued To (Alternate Names) -- the alternate names of the entity to whom the certificate is issued, and the language associated with each alternate name, if there are any. Users have at most one alternate name, but certificate authorities (CAs) can have many.
  • Certificate Issued By -- the CA that issued the certificate.
  • Issuer Key Identifier -- the unique key that identifies the CA's certificate.
  • Key Identifier -- the unique key that identifies the certificate.
  • Expires -- the certificate's expiration date. Notes® certificates are often no longer usable after they expire.
  • Activated -- the certificate's date of issue.
  • Type -- the type of certificate: Notes multi-purpose, Notes® International, Notes® certificate authority, or flat certificate.

Internet certificate details

Advanced Details and Certificate Details display the following information about the Internet certificate you have selected:

  • Whether or not the selected Internet certificate is your default signing certificate for Internet-style Notes® mail (S/MIME).
  • The following details about the selected Internet certificate:
    • Issued To -- who the certificate belongs to, shown in distinguished name format. For example, EMAIL=Joe_Smith@ACME.com/CN=Joe Smith/O=ACME.
    • Issued By -- the CA that issued and signed the certificate, shown in distinguished name format.
    • Fingerprint -- the unique identifier for the certificate.
    • Serial Number -- a number assigned to the certificate by the CA, which is unique across all certificates issued by this CA. The issuer name and a serial number together identify a unique certificate.
    • Version -- X.509 version information for the certificate. A prevalent version is X.509 version 3, which is a standard that allows a certificate to contain customized extensions.
    • Activated -- the date the certificate can start being used. Internet CAs can often create certificates in advance that are not valid until a start date in the future.
    • Expires -- the date the certificate expires. Internet CA certificates are often no longer usable after they expire because once the certificate expires, the issuing CA is no longer required to maintain information about the status of the certificate.
    • Signature Algorithm -- the cryptographic algorithm used by the CA when it signed this certificate.
    • Key Strength -- the number of bits in the public key, where a higher number of bits indicates a stronger and more secure key.
    • Key Algorithm -- the algorithm with which the public key is used. The most common algorithms are RSA and DSA.
    • Key Usage -- what the certificate key can be used for, such as signing email. The most commonly seen key usages are:
      - Digital signature -- most commonly used to indicate that the key can be used for signing and authentication.
      - Key encryption -- most commonly indicates that the key can be used for encryption and key transport.
      - Data encryption -- used for encrypting data other than cryptographic keys.
      - Certificate signing -- used only in CA certificates for verifying signatures on certificates.
      - CRL signing -- used to verify a signature on revocation information, for example a CRL.
    • Extended Key Usage -- indicates additional purposes for which the key in the certificate may be used, for example: Web server authentication, Web client authentication, signing of downloadable code, email protection, time stamping.
    • Subject Key Identifier -- may be used to facilitate the building of a certificate chain for the certificate.
    • Authority Key Identifier -- used if a CA has multiple signing keys. The identifier provides a way to show which of the CA's keys have been used to sign the certificate.
    • Subject Alternative Name -- includes additional names that apply to the owner of the certificate. Might include additional Internet email names, a DNS name, an IP address, a Windows® 2000 Kerberos name, or other identifier.
    • Issuer Alternative Name -- includes additional names that apply to the issuer of the certificate. Might include additional Internet email names, a DNS name, an IP address, a Windows® 2000 Kerberos name, or other identifier.
    • Basic Constraints -- usually only found in a CA certificate, identifies whether the certificate belongs to a CA, and may provide information about the certification path.
    • Name Constraints -- appears only in a CA certificate; gives information on the expected format of names in the certificates that the CA issues.
    • Certificate Policies -- states policies under which the certificate was issued and additional purposes for which the certificate can be used.
    • Policy Mappings -- appears only in a CA certificate; helps identify which policies are associated with the CA.
    • Policy Constraints -- appears only in a CA certificate; used to prohibit policy mapping or to require that certain certificates contain a given policy identifier.
    • CRL Distribution Points -- identifies where CRL information is obtained from.
    • Private Key Usage Period -- specifies a different validity period for the private key than for the certificate; includes a Start time and an Expiration time for the private key associated with the certificate.
    • Authority Information Access -- appears only in a CA certificate; indicates how to access more CA information through HTTP, FTP, LDAP or email. For example, if the access method is email, an access location may be an email address.
Note: If there is a detail listed in the Attribute column that is a series of numbers separated by dots, for example 123.45.678.9, it is an OID number. If an OID number is displayed, this means Notes® doesn't have enough information to present associated certificate information as descriptive text.
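
The fallback described in the note, as an added example that is not IBM's code or part of the original page: it decodes a DER-encoded object identifier into dotted form and returns a descriptive name only when the OID is in its table. The table holds the RFC 5280 extension OIDs for attributes listed above; the function names and sample bytes are constructed for illustration.

```python
# Added example: function names and inputs are constructed, not from Notes.

# Extension OIDs (RFC 5280) for attributes named in the list above.
KNOWN_OIDS = {
    "2.5.29.14": "Subject Key Identifier",
    "2.5.29.15": "Key Usage",
    "2.5.29.16": "Private Key Usage Period",
    "2.5.29.17": "Subject Alternative Name",
    "2.5.29.18": "Issuer Alternative Name",
    "2.5.29.19": "Basic Constraints",
    "2.5.29.30": "Name Constraints",
    "2.5.29.31": "CRL Distribution Points",
    "2.5.29.32": "Certificate Policies",
    "2.5.29.33": "Policy Mappings",
    "2.5.29.35": "Authority Key Identifier",
    "2.5.29.36": "Policy Constraints",
    "2.5.29.37": "Extended Key Usage",
    "1.3.6.1.5.5.7.1.1": "Authority Information Access",
}


def decode_oid(der: bytes) -> str:
    """Decode a DER OBJECT IDENTIFIER (tag 0x06, short-form length) to dotted form."""
    if len(der) < 3 or der[0] != 0x06 or der[1] >= 0x80 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER OBJECT IDENTIFIER")
    body = der[2:]
    if body[-1] & 0x80:
        raise ValueError("truncated OID: last byte has the continuation bit set")
    arcs, value = [], 0
    for byte in body:
        if value == 0 and byte == 0x80:
            raise ValueError("non-minimal arc encoding")
        value = (value << 7) | (byte & 0x7F)  # base-128; high bit means more bytes follow
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    # The first encoded value packs the first two arcs as 40*X + Y (X is 0, 1 or 2).
    first = arcs[0]
    x = min(first // 40, 2)
    return ".".join(map(str, [x, first - 40 * x] + arcs[1:]))


def attribute_label(der: bytes) -> str:
    """Return a descriptive name when the OID is known, else the dotted number."""
    dotted = decode_oid(der)
    return KNOWN_OIDS.get(dotted, dotted)
```

An OID missing from the table, such as a signature algorithm identifier or a private extension, comes back as the dotted number, which is the same situation the Attribute column shows.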