Constraints-Specific Policy Module Reference
Chapter
11
Policies
501
RenewalConstraints
The
RenewalConstraints
plug-in module imposes constraints on renewal of
expired certificates—it allows or restricts the server from renewing expired
certificates. You may apply this policy to end-entity certificate renewal requests.
During installation, CMS automatically creates an instance of the renewal
constraints policy, named
RenewalConstraintsRule
, that is enabled by default.
Table 11-7 describes the configuration parameters of the
RenewalConstraints
policy.
RenewalValidityConstraints
The
RenewalValidityConstraints
plug-in module governs the formulation of
content in the renewed certificate based on the currently issued certificate.
algorithms
Specifies the key type the server should certify. The default is RSA.
Permissible values:
RSA
or
RSA
.
Table 11-7
RenewalConstraints Configuration Parameters
Parameter
Description
enable
Specifies whether the rule is enabled or disabled. Select to enable the rule
(default). Deselect to disable the rule.
predicate
Specifies the predicate expression for this rule. If you want this rule to be applied
to all certificate requests, leave the field blank (default). To form a predicate
expression, see “Using Predicates in Policy Rules” on page 485.
allowExpiredCerts
Specifies whether to allow or prevent renewal of expired certificates. Select if you
want the server to renew expired certificates (default). Deselect if you don’t want
the server to renew expired certificates.
renewalNotAfter
Specifies how long, in days, after the expiration of a certificate can it be renewed.
The default value is 30 days. If you leave the field blank, the server will renew all
expired certificates that are submitted for renewal.
Table 11-6
KeyAlgorithmConstraints Configuration Parameters (Continued)
Parameter
Description
Содержание Certificate Management System 6.1
Страница 1: ...Administrator s Guide Netscape Certificate Management System Version6 1 February 2003...
Страница 28: ...Documentation 28 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 68: ...Support for Open Standards 68 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 82: ...Uninstalling CMS 82 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 166: ...How a Registration Manager Works 166 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 382: ...ACL Reference 382 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 566: ...Managing Policy Plug in Modules 566 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 710: ...1 3 Organization Security Policies 710 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 716: ...Object Identifiers 716 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 762: ...DNs in Certificate Management System 762 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 794: ...Managing Certificates 794 Managing Servers with Netscape Console December 2001...
Страница 810: ...The SSL Handshake 810 Managing Servers with Netscape Console December 2001...
Страница 828: ...828 Netscape Certificate Management System Administrator s Guide February 2003...