PolicyMappingsExt Plug-in Module
224
Netscape Certificate Management System Plug-Ins Guide • March 2002
PolicyConstraintsExt Rule
The policy rule named
PolicyConstraintsExt
is an instance of the
PolicyConstraintsExt
module. Certificate Management System automatically
creates this rule during installation. By default, the rule is configured as follows:
•
The rule is disabled; for the rule to be effective, it must be enabled and
configured appropriately.
•
The predicate expression is set (
predicate=HTTP_PARAMS.certType==ca
) so
that the extension gets added to CA certificates only. PKIX and Federal PKI
standards recommend that CA certificates must have this extension and
end-entity certificates should have this extension.
•
The extension is marked noncritical.
•
No subordinate CA certificates are permitted in the path before an explicit
policy is required (
reqExplicitPolicy=0
).
•
The
inhibitPolicyMapping
field is not set in the extension.
For details on individual parameters defined in the rule, see Table 4-22 on
page 222. You need to review this rule and make the changes appropriate for your
PKI setup. For instructions, see section “Step 2. Modify Existing Policy Rules” in
Chapter 18, “Setting Up Policies” of CMS Installation and Setup Guide. For
instructions on adding additional instances, see section “Step 4. Add New Policy
Rules” in the same chapter.
PolicyMappingsExt Plug-in Module
The
PolicyMappingsExt
plug-in module implements the policy mappings
extension policy. This policy enables you to configure Certificate Management
System to add the Policy Mappings Extension defined in X.509 and PKIX standard
RFC 2459 (see
http://www.ietf.org/rfc/rfc2459.txt
) to certificates. The
extension lists one or more pairs of OIDs, each pair identifying two policy
statements of two CAs. The pairing indicates that the corresponding policies of one
CA are equivalent to policies of another CA. The extension may be useful in the
context of cross-certification.
The PKIX standard suggests that the extension must be marked noncritical and
may be supported by CAs and/or applications. If supported, the extension is to be
included in CA certificates only. Before configuring the server to add the policy
mappings extension to certificates, read the general guidelines provided in
“policyMappings” on page 353.
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...