Table of Contents
Advertisement
altsubjectdn
chknonce
chktid
keyusage
E-DOC-CTC-20040216-0002 v1.0
The distinguished name for X509v3 extension.
The Subject DN reflects the subject name for the requested
certificate.
To be valid, the value of the parameter subjectdn must be a valid DN
in string representation as specified in RFC1779.
If used, the subject DN should at least always contain the common
name item (cn= ) and one or more of the following other items:
•
common name (cn= )
•
organization unit (ou= )
•
organization (o= )
•
locality (l= )
•
province or state (st= )
•
country (c= ).
Use commas to seperate the items and enclose all items in quotation
marks.
This parameter should only be used in combination with the
dnsname, ipaddress and email parameters to form a SubjectAltName
X509v3 extension in the requested certificate.
Enable (yes) or disable (no) nonce checking.
The default is yes.
Make sure to use chknonce=no for Entrust VPN
Note
connector.
Enable (yes) or disable (no) transaction ID checking.
The default is yes.
Make sure to use chktid=no in case of a Baltimore CA.
Note
The required key usage extensions for the CA.
The quoted string should comply to following syntax [yes/no], [digi-
talSignature, nonRepudiation, keyEncipherment, dataEncipherment,
keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly], [
] ... (see RFC2459).
This parameter is rarely used as most CAs do not require it.
IPSec Commands
OPTIONAL
OPTIONAL
OPTIONAL
OPTIONAL
263
- Quick Links:
- Accessing the Command Line Interface
Hide quick links:
Advertisement
Table of Contents
