SubjectAltNameExt Plug-in Module
Chapter
4
Certificate Extension Plug-in Modules
235
Table 4-26
Description of parameters defined in the SubjectAltNameExt module
Parameter
Description
enable
Specifies whether the rule is enabled or disabled. Check the box to enable the
rule (default). Uncheck the box to disable the rule.
• If you enable the rule and set the remaining parameters correctly, the server
adds the subject alternative name extension to certificates specified by the
predicate
parameter.
• If you disable the rule, the server does not add the extension to certificates; it
ignores the values in the remaining fields.
predicate
Specifies the predicate expression for this rule. If you want this rule to be applied
to all certificate requests, leave the field blank (default). To form a predicate
expression, see section “Using Predicates in Policy Rules” in Chapter 18, “Setting
Up Policies” of CMS Installation and Setup Guide.
Example:
HTTP_PARAMS.certType==client
critical
Specifies whether the extension should be marked critical or noncritical in
certificates specified by the
predicate
parameter. Check the box if you want
the server to mark the extension critical. Uncheck the box if you want the server
to mark the extension noncritical (default).
numGeneralNames
Specifies the total number of alternative names or identities permitted in the
extension. Note that each name has a set of configuration
parameters—
generalName<n>.requestAttr
and
generalName<n>.generalNameChoice
—and you must specify appropriate
values for each of those parameters; otherwise the policy rule will return an
error.
You can change the total number of identities by changing the value of this
parameter; there’s no restriction on the total number of identities you can
include in the extension. Each set of configuration parameters is distinguished
by
<n>
, which is an integer derived from the value you assign in this field. For
example, if you set the
numGeneralNames
parameter to 2,
<n>
would be
0
and
1
.
Permissible values:
0
or
n
.
•
0
specifies that no identities can be contained in the extension.
•
n
specifies the total number of identities to be included in the extension; it
must be an integer greater than zero. The default value is 8.
Example:
2
Содержание Certificate Management System 6.0
Страница 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Страница 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 126: ...ValidityConstraints Plug in Module 126 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 266: ...LdapSubjAttrMap Plug in Module 266 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 324: ...DNs in Certificate Management System 324 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 370: ...CA Certificates and Extension Interactions 370 Netscape Certificate Management System Plug Ins Guide March 2002...