CertificateExtensionConstraints

Describes a set of X.509 extensions that may be part of some certificate issuance controls.

JSON representation 
{
  "knownExtensions": [
    enum (KnownCertificateExtension)
  ],
  "additionalExtensions": [
    {
      object (ObjectId)
    }
  ]
}
Fields
knownExtensions[]

enum (KnownCertificateExtension)

Optional. A set of named X.509 extensions. Will be combined with additionalExtensions to determine the full set of X.509 extensions.
additionalExtensions[]

object (ObjectId)

Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with knownExtensions to determine the full set of X.509 extensions.

KnownCertificateExtension

Describes well-known X.509 extensions that can appear in a Certificate, not including the SubjectAltNames extension.

Enums
KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED Not specified.
BASE_KEY_USAGE Refers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3. This corresponds to the KeyUsage.base_key_usage field.
EXTENDED_KEY_USAGE Refers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12. This corresponds to the KeyUsage.extended_key_usage message.
CA_OPTIONS Refers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9. This corresponds to the X509Parameters.ca_options field.
POLICY_IDS Refers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4. This corresponds to the X509Parameters.policy_ids field.
AIA_OCSP_SERVERS Refers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1, This corresponds to the X509Parameters.aia_ocsp_servers field.
NAME_CONSTRAINTS Refers to Name Constraints extension as described in RFC 5280 section 4.2.1.10