ValidityConstraints Plug-in Module
124
Netscape Certificate Management System Plug-Ins Guide • March 2002
leadTime
Specifies the lead time, in minutes, for certificates. For a certificate renewal request to
pass the renewal validity constraints policy, the value of the
notBefore
attribute in
the certificate request must not be more than value of the
leadTime
parameter in the
future, relative to the time when the policy rule is run.
The
notBefore
attribute value specifies the date on which the certificate validity
begins; validity dates through the year 2049 are encoded as UTCTime, dates in 2050
or later are encoded as GeneralizedTime.
Permissible values: As applicable. The default value is 10 minutes.
Example:
10
lagTime
Specifies the lag time, in minutes, for certificates. For a certificate renewal request to
pass the renewal validity constraints policy, the value of the
notBefore
attribute in
the certificate request must not be more than the value of the
lagTime
in the past,
relative to the time when the policy is run.
The
notBefore
attribute value specifies the date on which the certificate validity
ends; validity dates through the year 2049 are encoded as UTCTime, dates in 2050 or
later are encoded as GeneralizedTime.
Permissible values: As applicable. The default value is 10 minutes.
Example:
10
notBeforeSkew
Specifies the number of minutes to subtract from the current time when creating the
value for the certificate’s
notBefore
attribute. It can help some clients with
incorrectly set clocks use the new certificate after downloading. For example, if the
certificate is issued at 11:30 a.m. and the clock settings of the client into which the
certificate is downloaded is 11:20 a.m., the certificate cannot be used for 10 minutes.
Setting the value of the
beforeFix
parameter to 10 minutes would adjust the value
of the
notBefore
parameter to 11:20 a.m.—thus making the certificate usable
following the download.
Permissible values: As applicable. The default value is 5 minutes.
Example:
5
Table 3-13
Description of parameters defined in the ValidityConstraints module (Continued)
Parameter
Description
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...