Constraints-Specific Policy Module Reference
Chapter 11 Policies 499
IssuerConstraints

The IssuerConstraints plug-in module enables you to effectively deploy certificate-based enrollment explained in “Certificate-Based Enrollment” on page 409.

The policy enables the Certificate Manager to authenticate an end user by checking the issuer DN of the CA that has issued the certificate the user presents as an enrollment token during enrollment. Note that in the current implementation, the CA that issues the new certificates must be the same as the one that has issued the certificates used for SSL client authentication; that is, the issuer DN in the authentication certificate must match the issuer DN specified in the policy configuration.

During installation, CMS automatically creates an instance of the issuer constraints policy, named IssuerRule, that is disabled by default.

Table 11-5 describes the configuration parameters of the IssuerConstraints policy.

Table 11-4 DSAKeyConstraints Configuration Parameters (Continued)

Parameter    Description

minSize
    Specifies the minimum length, in bits, for the key (the length of the modulus in bits). The value must be smaller than or equal to the one specified by the maxSize parameter. Permissible values: 512 or 1024. You may also enter a custom key size that is between 512 and 1024, in increments of 64 bits. The default value is 512.

maxSize
    Specifies the maximum length, in bits, for the key. Permissible values: 512 or 1024. You may also enter a custom key size that is between 512 and 1024, in increments of 64 bits. The default value is 1024.

exponents
    Limits the possible public exponent values. Use commas to separate different values. Some exponents are more widely used than others. The following exponent values are recommended for arithmetic and security reasons: 17 and 65537. Of these two values, 65537 is preferred. (This setting is mainly an issue if you are using your own software for generating key pairs. Key-generation programs in Netscape clients and servers use 3 or 65537.)
    Permissible values: A combination of 3, 7, 17, and 65537, separated by commas. The default value is 3,7,17,65537.
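
The minSize, maxSize and exponents rules from Table 11-4 can be expressed as a small policy check. The following is an added example, not CMS code or part of the original guide. It assumes the parameters arrive as a string mapping, and the function names (parse_policy, evaluate_key) are hypothetical.

```python
# Added example: not CMS code. Models the minSize, maxSize and exponents
# parameters as Table 11-4 describes them; all names below are hypothetical.
ALLOWED_EXPONENTS = {3, 7, 17, 65537}   # permissible values per the table


def _check_size(name, value):
    """A size must lie in 512..1024 and sit on a 64-bit increment."""
    if not 512 <= value <= 1024 or (value - 512) % 64 != 0:
        raise ValueError(f"{name}={value}: must be 512..1024 in increments of 64")
    return value


def parse_policy(params):
    """Validate a parameter mapping and apply the documented defaults."""
    min_size = _check_size("minSize", int(params.get("minSize", 512)))
    max_size = _check_size("maxSize", int(params.get("maxSize", 1024)))
    if min_size > max_size:
        raise ValueError("minSize must be smaller than or equal to maxSize")
    raw = params.get("exponents", "3,7,17,65537")
    exponents = {int(tok) for tok in raw.split(",") if tok.strip()}
    if not exponents or not exponents <= ALLOWED_EXPONENTS:
        raise ValueError(f"exponents={raw!r}: only 3, 7, 17, 65537 are permitted")
    return {"minSize": min_size, "maxSize": max_size, "exponents": exponents}


def evaluate_key(policy, modulus_bits, public_exponent):
    """Return the list of violations for one key; empty means accepted."""
    problems = []
    if modulus_bits < policy["minSize"]:
        problems.append(f"key length {modulus_bits} is below minSize {policy['minSize']}")
    if modulus_bits > policy["maxSize"]:
        problems.append(f"key length {modulus_bits} exceeds maxSize {policy['maxSize']}")
    if public_exponent not in policy["exponents"]:
        problems.append(f"public exponent {public_exponent} is not in the allowed list")
    return problems


# Constructed sample configuration and requests (not taken from a real deployment).
SAMPLE = parse_policy({"minSize": "768", "maxSize": "1024", "exponents": "17, 65537"})

if __name__ == "__main__":
    for bits, exp in [(1024, 65537), (512, 65537), (1024, 3)]:
        print(bits, exp, evaluate_key(SAMPLE, bits, exp) or "accepted")
```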
Contents: Certificate Management System 6.1
Page 1: ...Administrator's Guide Netscape Certificate Management System Version 6.1 February 2003...