RenewalConstraints Plug-in Module
Chapter 3: Constraints Policy Plug-in Modules (page 99)
KeyAlgRule Rule
The rule named KeyAlgRule is an instance of the KeyAlgorithmConstraints module. Certificate Management System automatically creates this rule during installation. By default, the rule is configured as follows:
• The rule is enabled.
• The predicate expression is left blank so that the rule is applied to all certificate enrollment and renewal requests processed by the server.
• The key type allowed is RSA (algorithms=RSA).
For details on individual parameters defined in the rule, see Table 3-5 on page 98.
You need to review this rule and make the changes appropriate for your PKI setup. For instructions, see section “Step 2. Modify Existing Policy Rules” in Chapter 18, “Setting Up Policies” of CMS Installation and Setup Guide. For instructions on adding additional instances, see section “Step 4. Add New Policy Rules” in the same chapter.
RenewalConstraints Plug-in Module
The RenewalConstraints plug-in module implements the renewal constraints policy. This policy imposes constraints on renewal of expired certificates—it allows or restricts the server from renewing expired certificates. You may apply this policy to end-entity certificate renewal requests. For example, if you don’t want to allow renewal of expired certificates, you can configure the server accordingly using the policy.
In certain situations you may want to allow renewal of expired certificates. Here’s one such scenario: the renewal validity constraints policy (see “RenewalValidityConstraints Plug-in Module” on page 102) allows you to delay renewal of certificates as long as possible to reduce the overhead of processing new certificate requests. Typically, you would limit the renewal process to the last few
Table 3-5 Description of parameters defined in the KeyAlgorithmConstraints module (Continued)
Parameter: algorithms
Description: Specifies the key type the server should certify. The default is RSA.
Permissible values: RSA, DSA, or RSA,DSA.
Example: RSA
Netscape Certificate Management System Plug-Ins Guide, Version 6.0, March 2002