NameConstraintsExt Plug-in Module
Chapter
4
Certificate Extension Plug-in Modules
207
NameConstraintsExt Rule
The policy rule named
NameConstraintsExt
is an instance of the
NameConstraintsExt
module. Certificate Management System automatically
creates this rule during installation. By default, the rule is configured as follows:
•
The rule is disabled; for the rule to be effective, it must be enabled and
configured appropriately.
•
The predicate expression is set (
predicate=HTTP_PARAMS.certType==ca
) so
that the extension gets added to CA certificates only.
•
The extension is marked critical (to comply with the PKIX recommendation).
•
The total number of permitted subtrees to be contained in the extension is set
to 3 (
numPermittedSubtrees=3
).
• If you selected
otherName
, the value must be the absolute path to the
file that contains the base-64 encoded string of the subtree. For
example,
/usr/netscape/servers/ext/nc/othername.txt
.
excludedSubtrees<n>.
min
Specifies the minimum number of excluded subtrees.
Permissible values:
-1
,
0
, or
n
.
•
-1
specifies that the field should not be set in the extension.
•
0
specifies that the minimum number of subtrees is zero (default).
•
n
must be an integer that is greater than zero. It specifies at the most
n
subtrees are allowed.
Example:
0
excludedSubtrees<n>.
max
Specifies the maximum number of excluded subtrees.
Permissible values:
-1
,
0
, or
n
.
•
-1
specifies that the field should not be set in the extension (default).
•
0
specifies that the maximum number of subtrees is zero.
•
n
must be an integer that is greater than zero. It specifies at the most
n
subtrees are allowed.
Example:
1
Table 4-16
Description of parameters defined in the NameConstraintsExt module (Continued)
Parameter
Description
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...