BasicConstraintsExt Plug-in Module
Chapter
4
Certificate Extension Plug-in Modules
145
Because the basic constraints extension is a critical extension and is used by
applications to determine the path length during certificate validation to chain up
to the trusted CA, it’s important that you set this extension correctly.
Also note that when a user submits a certificate request using the
manual-enrollment method, the basic constraints extension is set on that request as
per the configured policy, and then the request is queued for agent approval. When
an agent approves the request, it is subjected to the configured policy again. If
there’s a change in the configuration of the basic constraints extension, the server
may reject the agent-approved request. For the server to approve the request, the
user will have to resubmit the request.
During installation, Certificate Management System automatically creates an
instance of the basic constraints extension policy. See “BasicConstraintsExt Rule”
on page 147.
Configuration Parameters of
BasicConstraintsExt
In the CMS configuration file, the
BasicConstraintsExt
module is identified as
ca.Policy.impl.BasicConstraintsExt.class=com.netscape.cms.
policy.BasicConstraintsExt
.
In the CMS window, the module is identified as
BasicConstraintsExt
. Figure 4-4
shows how the configurable parameters for the module are displayed in the CMS
window.
Figure 4-4
Parameters defined in the BasicConstraintsExt module
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...