ValidityConstraints Plug-in Module
Chapter
3
Constraints Policy Plug-in Modules
125
DefaultValidityRule Rule
The rule named
DefaultValidityRule
is an instance of the
ValidityConstraints
module. Certificate Management System automatically
creates this rule during installation. By default, the rule is configured as follows:
•
The rule is enabled.
•
The predicate expression is left blank so that the rule is applied to all certificate
enrollment and renewal requests processed by the server.
•
The minimum validity period allowed for certificates is 1 day
(
minValidity=1
).
•
The maximum validity period allowed for certificates is 365 days
(
maxValidity=365
).
•
The lead time allowed is 10 minutes (
leadTime=10
).
•
The lag time allowed is 10 minutes (
lagTime=10
).
•
The the number of minutes to subtract from the current time when creating the
value for the certificate’s
notBefore
attribute is 5 minutes (
notBeforeSkew=5
).
For details on individual parameters defined in the rule, see Table 3-13 on
page 123. You need to review this rule and make the changes appropriate for your
PKI setup. For instructions, see section “Step 2. Modify Existing Policy Rules” in
Chapter 18, “Setting Up Policies” of CMS Installation and Setup Guide. For
instructions on adding additional instances, see section “Step 4. Add New Policy
Rules” in the same chapter.
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...