Class CertificateExtensionConstraints (1.11.0)

Describes a set of X.509 extensions that may be part of some certificate issuance controls.

Describes well-known X.509 extensions that can appear in a Certificate, not including the SubjectAltNames extension.

Values: KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED (0): Not specified. BASE_KEY_USAGE (1): Refers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3 <https://tools.ietf.org/html/rfc5280#section-4.2.1.3>. This corresponds to the KeyUsage.base_key_usage field. EXTENDED_KEY_USAGE (2): Refers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12 <https://tools.ietf.org/html/rfc5280#section-4.2.1.12>. This corresponds to the KeyUsage.extended_key_usage message. CA_OPTIONS (3): Refers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9 <https://tools.ietf.org/html/rfc5280#section-4.2.1.9>. This corresponds to the X509Parameters.ca_options field. POLICY_IDS (4): Refers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4 <https://tools.ietf.org/html/rfc5280#section-4.2.1.4>. This corresponds to the X509Parameters.policy_ids field. AIA_OCSP_SERVERS (5): Refers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1 <https://tools.ietf.org/html/rfc5280#section-4.2.2.1>, This corresponds to the X509Parameters.aia_ocsp_servers field. NAME_CONSTRAINTS (6): Refers to Name Constraints extension as described in RFC 5280 section 4.2.1.10 <https://tools.ietf.org/html/rfc5280#section-4.2.1.10>