KeyUsageExt Plug-in Module
188
Netscape Certificate Management System Plug-Ins Guide • March 2002
•
ServerCertKeyUsageExt (For details, see “ServerCertKeyUsageExt Rule” on
page 195.)
•
ClientCertKeyUsageExt (For details, see “ClientCertKeyUsageExt Rule” on
page 196.)
•
ObjSignCertKeyUsageExt (For details, see “ObjSignCertKeyUsageExt Rule” on
page 198.)
•
CRLSignCertKeyUsageExt (For details, see “CRLSignCertKeyUsageExt” on
page 199.)
It is important that you review each policy instance and make the appropriate
changes required by your PKI setup. For instructions, see section “Step 2. Modify
Existing Policy Rules” in Chapter 18, “Setting Up Policies” of CMS Installation and
Setup Guide. For instructions on adding additional instances, see section “Step 4.
Add New Policy Rules” in the same chapter.
Additionally, as you’ll notice in Figure 4-13 through Figure 4-17, the default
enrollment forms provided for requesting various types of certificates (see
“Enrollment Forms” on page 53) include the appropriate HTTP input variables that
correspond to the key-usage bits. By default only variables that correspond to
key-usage bits that need to be set are included in the form.
Typically, you won’t have to change the key-usage bit setting by editing the
enrollment forms as you can do this easily by making the appropriate changes to
the policy instance (bits set on the server side override the ones set on the client
side). However, if you want to add new variables on the client side, you can do that
too. Be sure to add the new variable in the following format:
<input type="HIDDEN" name="variable_name" value=true>
where,
variable_name
can be any of the HTTP input variables listed in Table 4-14.
The value of an HTTP input variable corresponding to a key-usage bit must be
either
true
or
false
; any other value is considered equivalent to
false
. For
example, a value
tree
would be interpreted as
false
by the server. Note that
values
true
and
false
are case insensitive.
Configuration Parameters of KeyUsageExt
In the CMS configuration file, the
KeyUsageExt
module is identified as
<subsystem>.Policy.impl.KeyUsageExt.class=com.netscape.cms.
policy.KeyUsageExt
, where
<subsystem>
is
ca
or
ra
(prefix identifying the
subsystem).
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...