KeyUsageExt Plug-in Module
198
Netscape Certificate Management System Plug-Ins Guide • March 2002
Each of these forms embed HTTP input variables (for key-usage bits) that are
considered appropriate for the certificate being requested using that form. If you
want, you may create additional instances of the key usage extension policy, one
each for each client certificate enrollment form and configure these instances as
appropriate. Be sure to use the correct predicate expression to distinguish the
certificates to thus avoid setting incorrect bits.
ObjSignCertKeyUsageExt Rule
The policy rule named
ObjSignCertKeyUsageExt
is an instance of the
KeyUsageExt
module. This rule is for setting the appropriate key-usage bits in
object signing certificates. By default, the rule is configured as follows:
•
The rule is enabled.
•
The predicate expression
(
predicate=HTTP_PARAMS.certType==objSignClient
) ensures that the rule
is applied to only object signing certificate requests.
•
The extension is marked noncritical (to comply with the PKIX
recommendation).
•
The server is configured to set
digitalSignature
and
keyCertsign
bits in
object-signing certificates. Notice that the key-usage bits specified in the
default policy rule match the bits specified in the enrollment form
(
ManObjSignEnroll.html
) for requesting object-signing certificates (see
Figure 4-17).
Figure 4-17
Key usage extension bits in the object signing certificate enrollment form
Содержание Certificate Management System 6.0
Страница 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Страница 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 126: ...ValidityConstraints Plug in Module 126 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 266: ...LdapSubjAttrMap Plug in Module 266 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 324: ...DNs in Certificate Management System 324 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 370: ...CA Certificates and Extension Interactions 370 Netscape Certificate Management System Plug Ins Guide March 2002...