HCC Crypto

Generate Ruleset

This tool generates a ruleset file that can be used to check certificate attributes. The left column displays available rules, the middle column displays rule settings, and the right column displays rules selected for the ruleset. Select rules on the left to display the associated rule settings in the middle. Any change to the settings will automatically add the rule to the ruleset on the right. After you are done adding rules to the ruleset, click 'Create File' on the right.

Rule Options

  • Public Key Algorithm & Size
  • Issuer Name DNs: Must Contain
    • Country
    • Organization
    • Locality
    • State
    • Organizational Unit
    • Common Name
  • Subject Name DNs: Must Contain
    • Country
    • Organization
    • Locality
    • State
    • Organizational Unit
    • Common Name
  • Extension Requests: Must Contain
    • AuthorityKeyIdentifier
    • SubjectKeyIdentifier
    • KeyUsage
    • CertificatePolicy
    • SubjectAltName_DNSName
    • ExtKeyUsage
    • BasicConstraints
    • CRLDistributionPoint
    • AuthorityInformationAccess
    • Custom Extension 1
    • Custom Extension 2

Form

Public Key Algorithm and Size

Issuer Name: Country

Value Restrictions

Must Equal
* Locked to 'Must Equal' for Country
Value:
* numeric values are not allowed

Issuer Name: Organization

Value Restrictions

Must Contain
Value:
* the set value must be within any length restrictions set

Character Length Restrictions

Minimum: - Maximum:
* numeric values must not be negative

Issuer Name: Locality

Value Restrictions

Must Contain
Value:
* the set value must be within any length restrictions set

Character Length Restrictions

Minimum: - Maximum:
* numeric values must not be negative

Issuer Name: State

Value Restrictions

Must Contain
Value:
* the set value must be within any length restrictions set

Character Length Restrictions

Minimum: - Maximum:
* numeric values must not be negative

Issuer Name: Organizational Unit

Value Restrictions

Must Contain
Value:
* the set value must be within any length restrictions set

Character Length Restrictions

Minimum: - Maximum:
* numeric values must not be negative

Issuer Name: Common Name

Value Restrictions

Must Contain
Value:
* the set value must be within any length restrictions set

Character Length Restrictions

Minimum: - Maximum:
* numeric values must not be negative

Subject Name: Country

Value Restrictions

Must Equal
* Locked to 'Must Equal' for Country
Value:
* numeric values are not allowed

Subject Name: Organization

Value Restrictions

Must Contain
Value:
* the set value must be within any length restrictions set

Character Length Restrictions

Minimum: - Maximum:
* numeric values must not be negative

Subject Name: Locality

Value Restrictions

Must Contain
Value:
* the set value must be within any length restrictions set

Character Length Restrictions

Minimum: - Maximum:
* numeric values must not be negative

Subject Name: State

Value Restrictions

Must Contain
Value:
* the set value must be within any length restrictions set

Character Length Restrictions

Minimum: - Maximum:
* numeric values must not be negative

Subject Name: Organizational Unit

Value Restrictions

Must Contain
Value:
* the set value must be within any length restrictions set

Character Length Restrictions

Minimum: - Maximum:
* numeric values must not be negative

Subject Name: Common Name

Value Restrictions

Must Contain
Value:
* the set value must be within any length restrictions set

Character Length Restrictions

Minimum: - Maximum:
* numeric values must not be negative

Extension Request: Authority Key Identifier

Critical Settings

Must Be Non-Critical

Extension Request: Subject Key Identifier

Critical Settings

Must Be Non-Critical

Extension Request: Key Usage

Critical Settings

Must Be Non-Critical

Usage Flags (must ONLY contain the selected values)

* hold Ctrl or Command to select multiple

Extension Request: Certificate Policy

Critical Settings

Must Be Non-Critical

Certificate Policy OID

* only decimals and numeric values allowed

Extension Request: Subject Alt Name - DNS Name

Critical Settings

Must Be Non-Critical

Subject Alt Name - DNS Name

Extension Request: Ext Key Usage

Critical Settings

Must Be Non-Critical

Usage Flags (must ONLY contain the selected values)

* hold Ctrl or Command to select multiple

Extension Request: Basic Constraints

Critical Settings

Must Be Non-Critical

Constraints Flag

Extension Request: CRL Distribution Point

Critical Settings

Must Be Non-Critical

CRL Distribution Point

Extension Request: Authority Information Access

Critical Settings

Must Be Non-Critical

Authority Information Access - OCSP

Extension Request: Custom Extension 1

Critical Settings

Must Be Non-Critical

Custom OID

Extension Request: Custom Extension 2

Critical Settings

Must Be Non-Critical

Custom OID

Ruleset

X
Issuer Name DNs: --
X
X
X
X
X
X
Subject Name DNs: --
X
X
X
X
X
X
Extension Requests --
X
X
X
X
X
X
X
X
X
X
X
* file creation disabled until invalid inputs are fixed

Cookie Consent Policy

This website uses cookies. See Privacy Policy
Accept