Unique Subject Name Constraint; Validity Constraint - Red Hat CERTIFICATE SYSTEM 7.2 - ADMINISTRATION Administration Manual

Chapter 12. Certificate Profiles
like uid=user, o=Example, c=US satisfies the pattern uid=.*. The subject name cn=user,
o=example,c=US does not satisfy the pattern. uid=.* means the subject name must begin with the
uid attribute; the period-asterisk (.*) wildcards allow any type and number of characters to follow
uid.
It is possible to require internal patterns, such as .*ou=Engineering.*, which requires
the ou=Engineering attribute with any kind of string before and after it. This matches
cn=jdoe,ou=internal,ou=west coast,ou=engineering,o="Example Corp",st=NC as
well as uid=bjensen,ou=engineering,dc=example,dc=com.
Lastly, it is also possible to allow requests that are either one string or another by setting a
pipe sign (|) between the options. For example, to permit subject names that contain either
ou=engineering,ou=people or ou=engineering,o="Example Corp", the pattern is
.*ou=engineering,ou=people.* | .*ou=engineering,o="Example Corp".*.
NOTE
For constructing a pattern which uses a special character, such as a period (.), escape
the character with a back slash (\). For example, to search for the string o="Example
Inc.", set the pattern to o="Example Inc\.".

12.8.10. Unique Subject Name Constraint

The Unique Subject Name constraint restricts the server from issuing multiple certificates with the
same subject names. When a certificate request is submitted, the server automatically checks the
nickname against other issued certificate nicknames. This constraint can be applied to certificate
enrollment through the end-entities' page.
The Unique Subject Name constraint has no configuration parameters.

12.8.11. Validity Constraint

The Validity constraint checks if the validity in the certificate request satisfies the criteria.
Parameter
range
Table 12.27. Validity Constraint Configuration Parameters
286