CertificatePoliciesExt Plug-in Module
148
Netscape Certificate Management System Plug-Ins Guide • March 2002
•
The path length field (
maxPathLen
) is left blank so that it defaults to a value
that is determined by the path length set on the Basic Constraints extension in
the issuer’s certificate.
For details on individual parameters defined in the rule, see Table 4-4 on page 146.
You need to review this rule and make the changes appropriate for your PKI setup.
For instructions, see section “Step 2. Modify Existing Policy Rules” in Chapter 18,
“Setting Up Policies” of CMS Installation and Setup Guide. For instructions on
adding additional instances, see section “Step 4. Add New Policy Rules” in the
same chapter.
CertificatePoliciesExt Plug-in Module
The
CertificatePoliciesExt
plug-in module implements the certificate policies
extension policy. This policy enables you to configure Certificate Management
System to add the Certificate Policies Extension defined in X.509 and PKIX standard
RFC 2459 (see
http://www.ietf.org/rfc/rfc2459.txt
) in certificates. The
extension contains a sequence of one or more policy statements, each indicating the
policy under which the certificate has been issued and identifying the purposes for
which the certificate may be used. Presence of this extension in certificates enables
an application with specific policy requirements to compare its list of policies to the
ones contained in a certificate during its validation; typically, such applications
will have a list of policies (which they will accept) and compare the policies in the
certificate to their list as a part validating the certificate.
To promote interoperatability, the PKIX standard recommends that the policy
statements or information terms should be included in certificates in the form of
object identifiers (OIDs). For more information on OIDs, see Appendix B, “Object
Identifiers.” This means, in order for the server to add this extension to any
certificate it issues, you need to compose policy statements you want to include in
the extension, define OIDs for these policy statements, and configure the server
with these OIDs.
When determining whether to add this extension to certificates, keep in mind that
if the extension exists in a certificate and if it is marked critical, the application
validating the certificate must be able to interpret the extension (including the
optional qualifiers, if any), or else it must reject the certificate. For general
guidelines on setting the certificate policies extension, see “certificatePolicies” on
page 342.
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...