Extension-Specific Policy Module Reference
516
Netscape Certificate Management System Administrator’s Guide • February 2003
CertificatePoliciesExt
The
CertificatePoliciesExt
plug-in module enables you to add the Certificate
Policies Extension in certificates. The extension contains a sequence of one or more
policy statements, each indicating the policy under which the certificate has been
issued and identifying the purposes for which the certificate may be used. Presence
of this extension in certificates enables an application with specific policy
requirements to compare its list of policies to the ones contained in a certificate
during its validation; typically, such applications will have a list of policies (which
they will accept) and compare the policies in the certificate to their list as a part
validating the certificate.
For general information about this extension, see “certificatePolicies” on page 725.
During installation, CMS automatically creates an instance of the certificate policies
extension policy, named
CertificatePoliciesExt
, that is disabled by default.
Table 11-18
CertificatePoliciesExt Configuration Parameters
Parameter
Description
enable
Specifies whether the rule is enabled or disabled. Select to enable, deselect to
disable.
predicate
Specifies the predicate expression for this rule. If you want this rule to be applied to
all certificate requests, leave the field blank (default). To form a predicate
expression, see “Using Predicates in Policy Rules” on page 485.
critical
Specifies whether the extension should be marked critical or noncritical. Select to
mark critical, deselect to mark noncritical (default).
policyId
Specifies the OID assigned to the policy statement you want to include in the
extension. If you specify a valid OID, the server includes the OID in the extension.
The
policyId
, if specified, identifies by number a particular textual statement
prepared by your organization (which is specified by the parameter named
organizationName
, listed next in this table). For example, it might identify the
organization as
Example Corporation
and notice number
1.2.3.4.5.6.99
.
Typically, applications validating the certificate will have a notice file containing
the current set of notices for your company; these application will interpret the
number in the certificate by extracting the notice text that corresponds to the
number from the file and display it to the relying party.
Permissible values: A unique, valid OID specified in dot-separated numeric
component notation (see the example). Although you can invent your own OIDs
for the purposes of evaluating and testing this server, in a production environment,
you should comply with the ISO rules for defining OIDs and for registering
subtrees of IDs. See
Appendix H, “Object Identifiers”
for information on
allocating private OIDs.
Содержание Certificate Management System 6.1
Страница 1: ...Administrator s Guide Netscape Certificate Management System Version6 1 February 2003...
Страница 28: ...Documentation 28 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 68: ...Support for Open Standards 68 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 82: ...Uninstalling CMS 82 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 166: ...How a Registration Manager Works 166 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 382: ...ACL Reference 382 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 566: ...Managing Policy Plug in Modules 566 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 710: ...1 3 Organization Security Policies 710 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 716: ...Object Identifiers 716 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 762: ...DNs in Certificate Management System 762 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 794: ...Managing Certificates 794 Managing Servers with Netscape Console December 2001...
Страница 810: ...The SSL Handshake 810 Managing Servers with Netscape Console December 2001...
Страница 828: ...828 Netscape Certificate Management System Administrator s Guide February 2003...