Defaults Reference
Table 11-8
Parameter
ExcludedSubtree
Enable_<n>
Red Hat Comment Extension Default
This default populates a Red Hat comment extension in the certificate request. The
extension can be used to include textual comments in certificates. Applications that are
capable of interpreting the comment may display it to a relying party when the certificate is
used or viewed.
For general information about this extension, see "netscape-comment" on page 749.
You can define the following constraints with this default:
•
Extension Constraint, see "Extension Constraint," on page 454.
•
No Constraints, see "No Constraint," on page 456.
Table 11-9
Parameter
critical
CommentContent
Netscape Certificate Type Extension Default
This default populates a Netscape Certificate Type extension in the certificate request. The
extension identifies the certificate type—for example, it identifies whether the certificate is
a CA certificate, server SSL certificate, client SSL certificate, object signing certificate, or
S/MIME certificate—and thus enables you to restrict the usage of a certificate to
predetermined purposes.
442
Red Hat Certificate System Administrator's Guide • September 2005
Name Constraints Extension Default Configuration Parameters (Continued)
Description
•
If you selected OtherName, the value must be the absolute path
to the file that contains the base-64 encoded string of the subtree.
For example,
/usr/netscape/servers/ext/nc/othername.txt.
Select true to enable this excluded subtree entry, select false to disable
this excluded subtree entry.
Red Hat Comment Extension Configuration Parameters
Description
Select true to mark this extension critical; select false to mark the
extension noncritical.
Specifies the content of the comment to appear in the certificate.