Introduction To Policy; About Policy - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

Introduction to Policy

You can configure the main subsystems of Certificate System (CS), namely the Certificate
Manager, Registration Manager, and Data Recovery Manager, to apply organizational
policies to an end entity's certificate enrollment and management requests before
servicing them. For example, policies you might want a Certificate Manager to impose on
these requests include setting minimum and maximum limits on the validity period and key
length of certificates, setting extensions based on the end entity's role within an
organization, setting signing algorithms, and so on.
This section provides an overview of policy in general. Topics include:

About Policy
Policy Rules
Policy Processor

About Policy
Policy refers to a set of rules that CS uses to evaluate or verify an incoming request from an
end entity and to determine the outcome. The incoming requests governed by policies
include certificate issuance, certificate renewal, certificate revocation, key archival,
and key recovery requests. For example, in the case of a certificate issuance request, the
outcome would be the certificate content.
A Certificate Manager's policy can include rules for evaluating certificate formulation,
signing, renewal, and revocation requests. For example, you can configure a Certificate
Manager's policy to impose restrictions on validity length, key type, key length,
subject name, extensions, and signing algorithm during certificate issuance.
A Registration Manager's policy can include rules for verifying incoming certificate
issuance, renewal, and revocation requests from end entities in order to formulate the
certificate content before forwarding the requests to a Certificate Manager for signing.
For example, you can configure a Registration Manager's policy to impose restrictions
on validity period, key length, subject name, and extensions. In general, policies for
Registration Manager are largely the same as for Certificate Manager.
A Data Recovery Manager's policy can include rules for verifying users' encryption
private key archival and recovery requests.
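
The following sketch is an added illustration, not code or configuration from Certificate System. It models policy as an ordered set of rules applied to an incoming issuance request, where a rule either rejects the request or sets part of the certificate content. The class, the function names, and the numeric limits are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Conceptual model only: names and limits below are assumptions for this
# example, not Certificate System classes or configuration parameters.
@dataclass
class CertRequest:
    subject: str
    key_type: str
    key_bits: int
    validity_days: int
    signing_alg: Optional[str] = None  # None: requester stated no preference

# Each rule returns None to accept, or a reason string to reject.
def key_constraints(req):
    if req.key_type != "RSA":
        return f"key type {req.key_type} not permitted"
    if not 2048 <= req.key_bits <= 4096:
        return f"key length {req.key_bits} outside 2048-4096 bits"
    return None

def validity_constraints(req):
    if not 1 <= req.validity_days <= 730:
        return f"validity {req.validity_days} days outside 1-730"
    return None

def signing_alg_constraints(req):
    allowed = ("SHA256withRSA", "SHA512withRSA")
    if req.signing_alg is None:
        req.signing_alg = allowed[0]  # rule sets content instead of rejecting
        return None
    if req.signing_alg not in allowed:
        return f"signing algorithm {req.signing_alg} not permitted"
    return None

RULES = [key_constraints, validity_constraints, signing_alg_constraints]

def apply_policy(req, rules=RULES):
    """Run every rule; the request is serviced only if no rule rejects it."""
    reasons = [r for r in (rule(req) for rule in rules) if r is not None]
    return ("rejected", reasons) if reasons else ("accepted", [])

if __name__ == "__main__":
    # Constructed sample requests.
    good = CertRequest("CN=alice,O=Example", "RSA", 2048, 365)
    bad = CertRequest("CN=bob,O=Example", "RSA", 1024, 3650, "MD5withRSA")
    for r in (good, bad):
        print(r.subject, apply_policy(r), r.signing_alg)
```

Collecting every rejection reason rather than stopping at the first is a choice made in this sketch so that a requester sees all violations at once.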
Using policies, you can configure CS to perform one or more of the following operations on
each certificate issuance or management request it receives:
Red Hat Certificate System Administrator's Guide • September 2005
