No inputs are provided to add user supplied extensions to the enrollment form. You can
create an input for this purpose using the CS SDK. You can also submit a request that
contains this information.
You can define the following constraints with this default:
•
Extended Key Usage Constraint, see "Extended Key Usage Extension Constraint," on
page 454.
•
Extension Constraint, see "Extension Constraint," on page 454, Key Constraint see
"Key Constraint," on page 454.
•
Netscape Certificate Type Extension Constraint, see "Netscape Certificate Type
Extension Constraint," on page 456.
•
No Constraints see "No Constraint," on page 456.
User Supplied Key Default
This default populates a user supplied key into the certificate request. This is a required
default. Keys are part of the enrollment request.
You can define the following constraints with this default:
•
Key Constraint, see "Key Constraint," on page 454.
•
No Constraints, see "No Constraint," on page 456.
User Signing Algorithm Default
This default implements an enrollment default policy that populates a user-supplied signing
algorithm into the certificate request. If included in the certificate profile, allows a user to
choose a signing algorithm for the certificate, subject to the constraint set.
No inputs are provided to add signing algorithm choices to the enrollment form. You can
create an input for this purpose using the CS SDK. You can also submit a request that
contains this information.
You can define the following constraints with this default:
•
Signing Algorithm Constraint, see "Signing Algorithm Constraint," on page 457.
•
No Constraints, see "No Constraint," on page 456.
Defaults Reference
Chapter 11
Certificate Profiles
451