NameConstraintsExt Plug-in Module
Chapter
4
Certificate Extension Plug-in Modules
201
Table 4-16
Description of parameters defined in the NameConstraintsExt module
Parameter
Description
enable
Specifies whether the rule is enabled or disabled. Check the box to enable
the rule (default). Uncheck the box to disable the rule.
• If you enable the rule and set the remaining parameters correctly, the
server adds the name constraints extension to all certificates specified
by the
predicate
parameter.
• If you disable the rule, the server doesn’t add the extension to
certificates; it ignores the values in the remaining fields.
predicate
Specifies the predicate expression for this rule. If you want this rule to be
applied to all certificate requests, leave the field blank (default). To form a
predicate expression, see section “Using Predicates in Policy Rules” in
Chapter 18, “Setting Up Policies” of CMS Installation and Setup Guide.
Example:
HTTP_PARAMS.certType==ca
critical
Specifies whether the extension should be marked critical or noncritical in
certificates specified by the
predicate
parameter. Check the box if you
want the server to mark the extension critical (default). Uncheck the box if
you want the server to mark the extension noncritical.
numPermittedSubtrees
Specifies the total number of subtrees to be permitted in the extension.
Note that each permitted subtree has a set of configuration parameters and
you must specify appropriate values for each of these parameters;
otherwise the policy rule will return an error.
You can change the total number of permitted subtrees by changing the
value in this field; there’s no restriction on the total number of permitted
subtrees you can include in the extension. Each set of configuration
parameters is distinguished by
<n>
, which is an integer derived from the
value you assign in this field. For example, if you set the
numPermittedSubtrees
parameter to 2,
<n>
would be
0
and
1
.
Permissible values:
0
or
n
.
•
0
specifies that no permitted subtrees can be contained in the extension.
•
n
specifies the total number of permitted subtrees to be included in the
extension; it must be an integer greater than zero. The default value is
8.
Example:
2
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...