Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION, Administration Manual

Page: 306 / 554

Chapter 13. Certificate Profiles
284
Parameter Description
policyset.
rule_id.policy_number.
constraint.params.
attribute
Specifies a value for an allowed
attribute for the constraint. The
possible attributes vary depending on
the type of constraint. For example,
policyset.serverCertSet.1.constraint.params.pattern=CN=.*
.
policyset.
rule_id.policy_number.
default.class_id Gives the java class name for the default
set in the profile rule. For example,
policyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.
rule_id.policy_number.
default.nameGives the user-defined name
of the default. For example,
policyset.serverCertSet.1.default.name=Subject
Name Default
policyset.
rule_id.policy_number.
default.params.
attribute
Specifies a value for an allowed attribute
for the default. The possible attributes vary
depending on the type of default. For example,
policyset.serverCertSet.1.default.params.name=CN=(Name)$request.requestor_name
$
.
Table 13.1. Profile Configuration File Parameters
13.3.2.2. Modifying Certificate Extensions through the Command Line
Changing constraints changes the restrictions on the type of information which can be supplied.
Changing the defaults and constraints can also add, delete, or modify the extensions which are
accepted or required from a certificate request.
For example, the default caFullCMCUserCert profile is set to create a Key Usage extension from
information in the request.
policyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true
policyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.cmcUserCertSet.6.default.name=Key Usage Default
policyset.cmcUserCertSet.6.default.params.keyUsageCritical=true
policyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false
policyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true