Introduction to Policy (Chapter 11, Policies, page 487)
You can define your own attributes for predicates, if there’s a need. For example,
assume you have two organizational units Sales and Manufacturing and you want
to issue client certificates with different validity periods to users in these two units.
A quick and easy way to accomplish this would be to define a new attribute for the
organizational unit, add the attribute to the enrollment form that the users in these
organizational units use for certificate enrollment (so that the server receives it
from the HTTP input), and use the attribute in the predicate expression for the
validity constraints policy—a policy rule that determines the validity period of
certificates the server issues. For details on this policy, see “ValidityConstraints,”
on page 506.
To define a new attribute in any of the HTML forms, add the following line to the
corresponding HTML form:
<input type="HIDDEN" name="attribute_name" value="attribute_value">
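The following Python model is an added example, not code from the guide or from CMS: it shows a hidden form attribute reaching the request and selecting a validity period. The attribute name `orgunit`, the authentication instance names, the day counts and the simplified `name==value AND ...` predicate form are assumptions for illustration. Because a hidden field is ordinary HTTP input, each rule also pins `authMgrInstName`, which comes from the authentication token rather than the form.

```python
from html.parser import HTMLParser

# Constructed form fragment; "orgunit" is a hypothetical attribute name.
FORM = """<form method="post">
<input type="text" name="uid">
<input type="HIDDEN" name="orgunit" value="Sales">
</form>"""

class HiddenInputs(HTMLParser):
    """Collect the name/value pairs of hidden <input> fields."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.fields[a.get("name")] = a.get("value")

def hidden_fields(html):
    parser = HiddenInputs()
    parser.feed(html)
    return parser.fields

# Hypothetical rules: (predicate, validity in days). Instance names and day
# counts are constructed; the predicate form is a simplification.
RULES = [
    ("orgunit==Sales AND authMgrInstName==SalesDirAuth", 180),
    ("orgunit==Manufacturing AND authMgrInstName==MfgDirAuth", 365),
]
DEFAULT_DAYS = 90  # applied when no predicate matches

def matches(predicate, request):
    """True only if every name==value term equals the request attribute."""
    for term in predicate.split(" AND "):
        name, _, value = term.partition("==")
        if request.get(name.strip()) != value.strip():
            return False
    return True

def validity_days(form_html, auth_token):
    """Merge form input with token attributes (token wins), then pick a rule."""
    request = {**hidden_fields(form_html), **auth_token}
    for predicate, days in RULES:
        if matches(predicate, request):
            return days
    return DEFAULT_DAYS
```

A form value that does not agree with the authenticating instance matches no rule and falls back to `DEFAULT_DAYS`.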
Table 11-2 Attributes supported by request object implementations (Continued)

| Request type | Variable name | Description |
|---|---|---|
| Enrollment | cepsubstore | Specifies the name of the CEP service; for example, cep1 and cep2. When setting up multiple CEP services, you can use predicates to differentiate one service from another; see “CEP Enrollment” on page 412. |
| Enrollment, Renewal, and Revocation | requestStatus | Specifies when (or the phase in which) a request gets subjected to policy processing: begin specifies that the request be subjected to a policy before it gets queued for agent approval; pending specifies that the request be subjected to a policy after agent approval. |
| Renewal | requestFormat | Specifies the certificate request format. Default values include the following: clientAuth, pkcs10. |

Default attributes from an authentication token (upon successful authentication these attributes go into an enrollment request):

| Request type | Variable name | Description |
|---|---|---|
| Enrollment | authMgrImplName | Specifies the name of the authentication plug-in module that authenticated the request. |
| Enrollment | authMgrInstName | Specifies the name of the authentication instance that authenticated the request. |
Source: Netscape Certificate Management System Administrator's Guide, Version 6.2, June 2003.