CertificateRenewalWindowExt Plug-in Module
154
Netscape Certificate Management System Plug-Ins Guide • March 2002
Because the renewal process requires end users to remember when their certificates
expire and renew them before the expiry date, some clients provide built-in
support for automated renewal. Inclusion of the certificate renewal window
extension in certificates is useful in a PKI setup with such clients; such a setup
eliminates the need for the owner of the certificate to manually submit a renewal
request to the CA and install the renewed certificate. For example, assume you
have deployed clients that can automatically submit certificate-renewal requests to
Certificate Management System. If you issue certificates with the certificate
renewal window extension to these clients, they can then read this extension for the
renewal window and automatically get the certificate renewed from the CA during
that window.
For a PKI setup without clients that can handle automated certificate renewals,
Certificate Management System enables administrators to easily manage certificate
renewals using the following features:
•
The renewal notification job, which reminds users to renew their certificates
before they expire.
•
The renewal constraints policy, which determines whether expired certificates
can be renewed; see “RenewalConstraints Plug-in Module” on page 99.
•
The renewal validity constraints policy, which controls when users can renew
their certificates and what should be the validity period in renewed certificates;
see “RenewalValidityConstraints Plug-in Module” on page 102.
Unlike some of the other policy modules, Certificate Management System does not
create an instance of the certificate renewal window extension policy during
installation. If you want the server to add this extension to certificates, you must
create an instance of the
CertificateRenewalWindowExt
module and configure it.
For instructions, see section “Step 4. Add New Policy Rules” in Chapter 18,
“Setting Up Policies” of CMS Installation and Setup Guide.
Configuration Parameters of
CertificateRenewalWindowExt
In the CMS configuration file, the
CertificateRenewalWindowExt
module is
identified as
<subsystem>.Policy.impl.CertificateRenewalWindowExt.
class=com.netscape.cms.policy.CertificateRenewalWindowExt
, where
<subsystem>
is
ca
or
ra
(prefix identifying the subsystem).
In the CMS window, the module is identified as
CertificateRenewalWindowExt
.
Figure 4-6 shows how the configurable parameters for the module are displayed in
the CMS window.
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...