Constraints-Specific Policy Module Reference
500
Netscape Certificate Management System Administrator’s Guide • February 2003
KeyAlgorithmConstraints
The
KeyAlgorithmConstraints
plug-in module restricts the key algorithm
requested in certificates to the algorithms, such as RSA and DSA, supported by
CMS. In other words, this policy allows you to set restrictions on the types of
public keys certified by CMS.
You may apply this policy to end-entity certificate enrollment and renewal
requests. For example, if you want your CA to certify only those public keys that
comply with the PKCS-1 RSA Encryption Standard, you can configure the server
for that using the policy.
During installation, CMS automatically creates an instance of the key algorithm
constraints policy, named
KeyAlgRule
, that is enabled by default.
Table 11-6 describes the configuration parameters of the
KeyAlgorithmConstraints
policy.
Table 11-5
IssuerConstraints Configuration Parameters
Parameter
Description
enable
Specifies whether the rule is enabled or disabled. Select to enable (default), deselect to
disable.
predicate
Specifies the predicate expression for this rule. If you want this rule to be applied to
all certificate requests, leave the field blank (default). To form a predicate expression,
see “Using Predicates in Policy Rules” on page 485.
issuerDN
Specifies the name of the CA that has issued certificates that are to be checked. You
should enter the issuer name as it appears in the CA’s signing certificate; the same
name also appears as the issuer name in certificates the CA signs.
Example:
CN=bulkGenCA,OU=Information Systems,O=Example
Corporation,C=US
Table 11-6
KeyAlgorithmConstraints Configuration Parameters
Parameter
Description
enable
Specifies whether the rule is enabled or disabled. Select to enable (default), deselect to
disable.
predicate
Specifies the predicate expression for this rule. If you want this rule to be applied to
all certificate requests, leave the field blank (default). To form a predicate expression,
see “Using Predicates in Policy Rules” on page 485.
Содержание Certificate Management System 6.1
Страница 1: ...Administrator s Guide Netscape Certificate Management System Version6 1 February 2003...
Страница 28: ...Documentation 28 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 68: ...Support for Open Standards 68 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 82: ...Uninstalling CMS 82 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 166: ...How a Registration Manager Works 166 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 382: ...ACL Reference 382 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 566: ...Managing Policy Plug in Modules 566 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 710: ...1 3 Organization Security Policies 710 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 716: ...Object Identifiers 716 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 762: ...DNs in Certificate Management System 762 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 794: ...Managing Certificates 794 Managing Servers with Netscape Console December 2001...
Страница 810: ...The SSL Handshake 810 Managing Servers with Netscape Console December 2001...
Страница 828: ...828 Netscape Certificate Management System Administrator s Guide February 2003...