RenewalValidityConstraints Plug-in Module
104
Netscape Certificate Management System Plug-Ins Guide • March 2002
Figure 3-7
Parameters of the RenewalValidityConstraints module
The configuration shown in Figure 3-7 creates a policy rule named
RenewalRuleForClientCert
, which enforces a rule that the server should renew
only those client certificates that are due to expire within the next 15 days. The
renewed certificates are valid for at least 60 days (two months) and require
renewing after 180 days (six months).
Table 3-7 gives details about each of the parameters.
Table 3-7
Description of parameters defined in the RenewalValidityConstraints module
Parameter
Description
enable
Specifies whether the rule is enabled or disabled. Check the box to enable the rule
(default). Uncheck the box to disable the rule.
• If you enable the rule and set the remaining parameters correctly, the server sets
the configured validity period in renewed certificates specified by the
predicate
parameter.
• If you disable the rule, the server sets the validity period as specified in the
renewal request.
predicate
Specifies the predicate expression for this rule. If you want the rule to be applied to
all certificate requests, leave the field blank (default). To form a predicate
expression, see section “Using Predicates in Policy Rules” in Chapter 18, “Setting Up
Policies” of CMS Installation and Setup Guide.
Example:
HTTP_PARAMS.certType==client
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...