Managing Policy Plug-in Modules
Chapter 11: Policies (page 563)
For general information about this extension, see “authorityKeyIdentifier” on
page 737.
You can also customize the method for deriving the Key Identifier using the CMS
SDK by subclassing the policy and overriding the following method:
formKeyIdentifier(X509CertInfo certInfo, IRequest req)
If enabled, the policy adds a Subject Key Identifier Extension to an enrollment
request if the extension does not already exist. If the extension exists in the request,
for example from a CRMF request, the policy replaces the extension. In the case of
agent-approved enrollments, after an agent approves the enrollment request, the
policy accepts any Subject Key Identifier Extension that is already there.
During installation, CMS automatically creates an instance of the subject key
identifier extension policy, named SubjectKeyIdentifierExt, that is enabled by default.
Managing Policy Plug-in Modules
This section explains how to use the CMS window to perform the following
operations:
Table 11-41: SubjectKeyIdentifierExt Configuration Parameters

Parameter: Description

enable: Specifies whether the rule is enabled or disabled. Select to enable, deselect to disable.

predicate: Specifies the predicate expression for this rule. If you want this rule to be applied to all certificate requests, leave the field blank (default). To form a predicate expression, see “Using Predicates in Policy Rules,” on page 485.

critical: Select if you want the server to mark the extension critical; deselect if you want the server to mark the extension noncritical (default).

KeyIdentifierType: Specifies the method for deriving Key Identifier.
• SHA1 specifies that the key identifier must be derived as a 20 byte (160 bit) SHA-1 hash of the BIT STRING of Subject Public Key (default).
• TypeField specifies that the key identifier must be derived as a type field value of 0100 followed by 60 least significant bits of the SHA-1 hash of the Subject Public Key.
• SpkiSHA1 specifies that the key identifier must be derived as a 20 byte (160 bit) SHA-1 hash of the Subject Public Key Info.
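
The three KeyIdentifierType derivations from Table 11-41, computed outside CMS so an issued certificate's Subject Key Identifier can be checked against the configured method. This is an added example, not code from the guide or the CMS SDK; it assumes the SHA1 and TypeField hashes cover the BIT STRING contents without the unused-bits octet (as in RFC 3280, section 4.2.1.2), and the function names and sample key are constructed for illustration.

```python
import hashlib

def read_tlv(buf, pos, expected_tag):
    """Return (value, next_pos) for one definite-length DER element at pos."""
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise ValueError(f"expected DER tag 0x{expected_tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos:pos + length], pos + length

def key_identifiers(spki_der):
    """Derive the SHA1, TypeField and SpkiSHA1 identifiers from a DER SubjectPublicKeyInfo."""
    spki, end = read_tlv(spki_der, 0, 0x30)        # SubjectPublicKeyInfo SEQUENCE
    if end != len(spki_der):
        raise ValueError("trailing bytes after SubjectPublicKeyInfo")
    _, pos = read_tlv(spki, 0, 0x30)               # AlgorithmIdentifier (skipped)
    bits, _ = read_tlv(spki, pos, 0x03)            # subjectPublicKey BIT STRING
    if not bits:
        raise ValueError("empty BIT STRING")
    key = bits[1:]                                 # assumption: drop the unused-bits octet
    digest = hashlib.sha1(key).digest()            # SHA1: full 20-byte hash of the key bits
    low64 = digest[-8:]                            # last 8 bytes of the hash
    # TypeField: 4-bit value 0100, then the 60 least significant bits of the hash
    type_field = bytes([0x40 | (low64[0] & 0x0F)]) + low64[1:]
    return {
        "SHA1": digest,
        "TypeField": type_field,
        "SpkiSHA1": hashlib.sha1(spki_der).digest(),   # hash of the whole SPKI encoding
    }

# Constructed sample: Ed25519 SPKI header followed by 32 placeholder key bytes
SAMPLE_KEY = bytes(range(32))
SAMPLE_SPKI = bytes.fromhex("302a300506032b6570032100") + SAMPLE_KEY

if __name__ == "__main__":
    for name, value in key_identifiers(SAMPLE_SPKI).items():
        print(f"{name:10s} {value.hex()}")
```
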
Summary of Contents for Certificate Management System 6.1
Page 1: ...Administrator's Guide Netscape Certificate Management System Version 6.1 February 2003...