| Name | Data Type | Default Value | Qualifiers |
| Name | Data Type | Value |
| CADistinguishedName | string | |
| Description | string | Certificates refer to their issuing CA by its Distinguished Name (as defined in X.501). |
| Dn | boolean | true |
| CAPolicyStatement | string | |
| Description | string | The CAPolicyStatement describes what care is taken by the CertificateAuthority when signing a new certificate. The CAPolicyStatment may be a dot-delimited ASN.1 OID string which identifies to the formal policy statement. |
| CRLRefreshFrequency | uint8 | |
| Description | string | The frequency, expressed in hours, at which the CA will update its Certificate Revocation List. Zero implies that the refresh frequency is unknown. |
| PUnit | string | hour |
| Units | string | Hours |
| MaxChainLength | uint8 | |
| Description | string | The maximum number of certificates in a certificate chain permitted for credentials issued by this certificate authority or it's subordinate CAs.
The MaxChainLength of a superior CA in the trust hierarchy should be greater than this value and the MaxChainLength of a subordinate CA in the trust hierarchy should be less than this value. |
| CRL | string[] | |
| Description | string | A CRL, or CertificateRevocationList, is a list of certificates which the CertificateAuthority has revoked and which are not yet expired. Revocation is necessary when the private key associated with the public key of a certificate is lost or compromised, or when the person for whom the certificate is signed no longer is entitled to use the certificate. |
| OctetString | boolean | true |
| CRLDistributionPoint | string[] | |
| Description | string | Certificate revocation lists may be available from a number of distribution points. CRLDistributionPoint array values provide URIs for those distribution points. |