CertificateScopeOfUseExt Plug-in Module
Netscape Certificate Management System Plug-Ins Guide • May 2002
The CertificateScopeOfUseExt plug-in module implements the certificate scope
of use extension policy. This policy enables you to configure Certificate
Management System to add the Certificate Scope of Use Extension to certificates. The
extension enables you to specify a list of web sites that may request the use of a
particular certificate for SSL client authentication, thus helping certificate-using
applications select certificates to present to web sites and control the release of
these certificates.

The SSL protocol provides a way for a client application to authenticate itself to a
web site or server. SSL client authentication occurs upon request of the server, and
proceeds by providing a certificate and a signature to the server. The client may
have more than one certificate that could be used to perform this authentication.
The SSL protocol provides a way for the server to indicate which certificate may be
useful by listing issuing CAs in one of the SSL protocol messages.

By using a particular certificate for SSL client authentication, the client releases
information about itself to the server. This information may include the name and
key information contained in the certificate. It also releases the information that the
client holds a certificate from a particular CA. This information may be of interest
to the company running the server, for example to find users that have certificates
from competing companies.

The certificate scope of use extension can be included in certificates to restrict the
scope-of-use of the certificate for client authentication; the extension enables the
certificate-using application to restrict the release of individual certificates to web
sites requesting SSL client authentication.

The certificate scope of use extension policy in Certificate Management System
enables you to include a list of name patterns that will match server DNS names
where the certificate may be used. It’s up to the certificate-using applications to use
the values in this extension to filter the list of potential certificates to use for client
authentication.

Unlike some of the other policy modules, Certificate Management System does not
create an instance of the certificate scope of use extension policy during
installation. If you want the server to add this extension to certificates, you must
create an instance of the CertificateScopeOfUseExt module and configure it. For
instructions, see section “Step 4. Add New Policy Rules” in Chapter 18, “Setting Up
Policies” of CMS Installation and Setup Guide.
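
The filtering that this section leaves to certificate-using applications, sketched as an added example (not code from Certificate Management System or from any Netscape client). The guide does not define the pattern syntax, so the `*.` wildcard form, the `ClientCert` record, the `allow_unscoped` policy for certificates that lack the extension, and all sample names are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class ClientCert:                       # hypothetical record for one candidate certificate
    nickname: str
    issuer: str                         # issuing CA name, compared as a plain string
    scope: Optional[Tuple[str, ...]] = None   # extension patterns; None = extension absent

def _norm(name: str) -> str:
    """DNS names compare case-insensitively; drop a trailing root dot."""
    return name.strip().lower().rstrip(".")

def pattern_matches(pattern: str, host: str) -> bool:
    """Assumed syntax: an exact DNS name, or '*.suffix' covering names below suffix."""
    pattern, host = _norm(pattern), _norm(host)
    if not pattern or not host:
        return False
    if pattern.startswith("*."):
        suffix = pattern[1:]            # keep the dot so 'evilexample.com' cannot match
        return len(host) > len(suffix) and host.endswith(suffix)
    return pattern == host

def releasable(certs, server_name, acceptable_cas, allow_unscoped=True):
    """Return the certificates the client may offer to server_name, in input order."""
    cas = set(acceptable_cas)           # CAs listed by the server; empty = no CA filter
    offered = []
    for cert in certs:
        if cas and cert.issuer not in cas:
            continue                    # server did not ask for this issuer
        if cert.scope is None:          # no extension: policy choice (assumption)
            if allow_unscoped:
                offered.append(cert)
        elif any(pattern_matches(p, server_name) for p in cert.scope):
            offered.append(cert)        # server name is inside the certificate's scope
    return offered

# Constructed sample data, not taken from the guide.
CANDIDATES = [
    ClientCert("work", "CN=Example Corp CA", ("*.corp.example.com", "vpn.example.com")),
    ClientCert("bank", "CN=Bank CA", ("online.bank.example",)),
    ClientCert("legacy", "CN=Example Corp CA"),
]

if __name__ == "__main__":
    for host in ("mail.corp.example.com", "corp.example.com.other.test"):
        names = [c.nickname for c in releasable(CANDIDATES, host, ["CN=Example Corp CA"])]
        print(host, "->", names)
```

Setting `allow_unscoped=False` makes the client withhold any certificate that carries no scope list, which is the stricter choice when limiting what a server learns about the client matters more than compatibility.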