Subject Directory Attributes Extension Default
277
Parameter
Description
• Select
EDIPartyName
if the request-attribute value is an
EDI party name. For example,
Example Corporation
.
• Select
URIName
if the request-attribute value is a non-
relative URI that includes both a scheme, such as
http
, and
a fully qualified domain name or IP address of the host. For
example,
http://hr.example.com
.
• Select
IPAddress
if the request-attribute value is a valid
IP address specified in dot-separated numeric component
notation. For example,
128.21.39.40
.
• Select
OIDName
if the request-attribute value is a unique,
valid OID specified in the dot-separated numeric component
notation. For example,
1.2.3.4.55.6.5.99
.
• Select
OtherName
for names with any other format.
This supports
PrintableString
,
IA5String
,
UTF8String
,
BMPString
,
Any
, and
KerberosName
.
PrintableString
,
IA5String
,
UTF8String
,
BMPString
, and
Any
are a string which specifies the path
to a base-64 encoded file which sets the subtree, such as
/
var/lib/rhpki-ca/othername.txt
.
KerberosName
has the format
Realm|NameType|NameStrings
, such as
realm1|0|userID1,userID2
.
Table 12.17. Subject Alternative Name Extension Default Configuration Parameters
12.7.18. Subject Directory Attributes Extension Default
This default attaches a Subject Directory Attributes extension to the certificate. The Subject Directory
Attributes extension conveys any desired directory attribute values for the subject of the certificate.
The following constraints can be defined with this default:
• Extension Constraint; see
Section 12.8.3, “Extension Constraint”
.
• No Constraints; see
Section 12.8.6, “No Constraint”
.
Parameter
Description
Critical
Select
true
to mark this extension critical; select
false
to
mark the extension noncritical.
Name
The attribute name; this can be any LDAP directory attribute,
such as
cn
or
.
Pattern
Specifies the request attribute value to include in the
extension. The attribute value must conform to the allowed
values of the attribute. If the server finds the attribute, it sets
the attribute value in the extension and adds the extension to
certificates. If multiple attributes are specified and none of the
attributes are present in the request, the server does not add
the Subject Directory Attributes extension to certificates. For
example,
$request.requester_email$
.
Содержание CERTIFICATE SYSTEM 7.2 - MIGRATION GUIDE
Страница 36: ...Chapter 1 Overview 16 Figure 1 4 Certificate System Architecture ...
Страница 144: ...124 ...
Страница 160: ...140 ...
Страница 208: ...188 ...
Страница 210: ...190 ...
Страница 256: ...236 ...
Страница 282: ...Chapter 12 Certificate Profiles 262 Parameter IssuerName_n IssuerType_n ...
Страница 285: ...Freshest CRL Extension Default 265 Parameter PointName_n PointIssuerName_n ...
Страница 335: ...Configuring Mappers 315 Figure 14 9 Selecting a New Mapper Type 6 Edit the mapper instance and click OK ...
Страница 362: ...342 ...
Страница 376: ...356 ...
Страница 436: ...416 ...
Страница 490: ...470 ...
Страница 504: ...484 ...