Defaults Reference
No Default Extension
This default can be used to set constraints when no defaults are being used. This default has
not settings and sets no defaults, but does allow you to set all of the constraints available.
OCSP No Check Extension Default
This default populates an OCSP No Check extension in the certificate request. The
extension, which should be used in OCSP responder certificates only, indicates how
OCSP-compliant applications can verify the revocation status of the certificate an
authorized OCSP responder uses to sign OCSP responses.
For general information about this extension, see "OCSPNocheck" on page 738.
You can define the following constraints with this default:
•
Netscape Certificate Type Extension Constraint, see "Netscape Certificate Type
Extension Constraint," on page 456.
•
Extension Constraint, see "Extension Constraint," on page 454.
•
No Constraints, see "No Constraint," on page 456.
Table 11-11 OCSP No Check Extension Default Configuration Parameters
Parameter
critical
Policy Constraints Extension Default
This default populates a policy constraints extension in the certificate request. The
extension, which can be used in CA certificates only, constrains path validation in two
ways—either to prohibit policy mapping or to require that each certificate in a path contain
an acceptable policy identifier. The default allows you to specify both,
ReqExplicitPolicy
if present in a CA certificate, the extension must never consist of a null sequence. At least
one of the two specified fields must be present.
For general information about this extension, see "policyConstraints" on page 738.
You can define the following constraints with this default:
444
Red Hat Certificate System Administrator's Guide • September 2005
Description
Select true to mark this extension critical; select false to mark the extension
noncritical.
and
InhibitPolicyMapping
fields. PKIX standard requires that,