SubCANameConstraints Plug-in Module
116
Netscape Certificate Management System Plug-Ins Guide • March 2002
SubCANameConstraints Rule
The rule named
SubCANameConstraints
is an instance of the
SubCANameConstraints
module. Certificate Management System automatically
creates this rule during installation. By default, the rule is configured as follows:
•
The rule is enabled.
•
The predicate expression is left blank so that the rule is applied to all certificate
enrollment and renewal requests processed by the server.
For details on individual parameters defined in the rule, see Table 3-12 on
page 118. You need to review this rule and make the changes appropriate for your
PKI setup. For instructions, see section “Step 2. Modify Existing Policy Rules” in
Chapter 18, “Setting Up Policies” of CMS Installation and Setup Guide. For
instructions on adding additional instances, see section “Step 4. Add New Policy
Rules” in the same chapter.
Table 3-11
Description of parameters defined in the SubCANameConstraints module
Parameter
Description
enable
Specifies whether the rule is enabled or disabled. Check the box to enable the rule.
Uncheck the box to disable the rule (default).
• If you enable the rule and set the remaining parameters correctly, the server
checks the certificate requests for issuer name uniqueness. If a certificate with the
requested issuer name already exists in the internal database, the server rejects the
request.
• If you disable the rule, the server does not check the CA certificate requests for
issuer name uniqueness.
predicate
Specifies the predicate expression for this rule. If you want this rule to be applied to
all certificate requests, leave the field blank (default). To form a predicate expression,
see section “Using Predicates in Policy Rules” in Chapter 18, “Setting Up Policies” of
CMS Installation and Setup Guide.
Example:
HTTP_PARAMS.certType==ca
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...