Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients

Go to Nexus homepage for overviews of Nexus' solutions, customer cases, news and more.

Skip to end of metadata
Go to start of metadata

This article lists the attribute certificate (AC) tasks that are done by registration officers in Smart ID Certificate Manager (CM), using both the Registration Authority (RA) in Certificate Manager and the Certificate Controller (CC) in Certificate Manager.

About attribute certificates

Attribute certificates are signed objects that assert additional properties with respect to some identity certificate (also called base certificate). An attribute certificate has no associated key pair and consequently cannot be used to establish identity.

Attribute certificates can be thought of as extensions to identity certificates, even if the attribute certificate may be signed by a different CA than the base certificate. When the associated attributes are mainly used for the purpose of authorization, an attribute certificate is called authorization certificate. 

Attribute certificates typically have a much shorter lifetime than X.509 certificates.

Smart ID Certificate Manager supports attribute certificates version 2, as specified in RFC 3281, as well as the No Revocation Available (NoRevAvail) extension as specified in RFC 5755. An attribute certificate format with this extension is included in the Certificate Manager installation. An attribute certificate with the NoRevAvail extension is not possible to revoke.