Introduction to Policy
Assuming that the new attribute you define for the organizational unit is orgunit, the line
you would add to the enrollment form would be:

<input type="HIDDEN" name="orgunit" value="Sales">

To add this line to an enrollment form, you would:

1. Open the corresponding HTML file in a text editor.
2. Locate the section that lists the HTTP input variables.
3. Add this line:
   <input type="HIDDEN" name="orgunit" value="Sales">
4. Save your changes and close the file.

For the server to use the attribute (to distinguish enrollment requests from users in the Sales
unit versus those in the Manufacturing unit) to issue certificates with the appropriate
validity periods, you must formulate your predicate expression with the attribute you added.
Here's how you do this:

1. Create a new instance of the ValidityConstraints policy plug-in implementation.
2. Enter the appropriate values for all the attributes.

Assume you named the instance ValidityRule1, set the minimum validity period to 10 days, set
the maximum validity period to 180 days, and defined the predicate expression as
HTTP_PARAMS.certType==client AND HTTP_PARAMS.orgunit==Sales. (This expression specifies that
the policy be applied to only client certificate requests from users in the organizational
unit named Sales.)

A sample of the resulting configuration entries in the CS configuration file would be as
follows:

ca.Policy.rule.ValidityRule1.enable=true
ca.Policy.rule.ValidityRule1.implName=ValidityConstraints
ca.Policy.rule.ValidityRule1.maxValidity=180
ca.Policy.rule.ValidityRule1.minValidity=10
ca.Policy.rule.ValidityRule1.predicate=HTTP_PARAMS.certType==client AND HTTP_PARAMS.orgunit==Sales

Now, for setting the validity period in certificates of users who are not in the Sales
organization—in this case, this would be Manufacturing—you would create another instance of
the ValidityConstraints policy rule as before with a different set of values.

Assume you named the instance ValidityRule1, set the maximum validity period to 60 days, set
the minimum validity period to 10 days, and defined the predicate expression as
HTTP_PARAMS.certType==client AND HTTP_PARAMS.orgunit!=Sales. (This expression specifies that
the policy be applied to only client certificate requests from users who are not in the
organizational unit named Sales.)

Red Hat Certificate System Administrator's Guide • September 2005
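The following script is an added illustration, not code from the Certificate System guide or from the product itself. It models how the two ValidityConstraints rules above are selected by their predicates and how a request's validity period is checked against minValidity and maxValidity. The predicate grammar it accepts (==, !=, AND, with OR binding weaker than AND) is assumed from the expressions shown on this page; the server's actual grammar may be richer. Because the page names both instances ValidityRule1 and a properties file needs distinct keys, the second rule is named ValidityRule2 here, which is an assumption. The configuration text and request parameters are constructed samples, and "reject when the period is outside the window" is a simplified model of the plug-in's behaviour.

```python
"""Added example: model the ValidityConstraints rule selection described in the
Red Hat Certificate System guide.  Not the product's code; grammar and behaviour
are assumptions noted in the comments."""

import re

# Constructed sample of CS configuration entries.  The page names both rule
# instances ValidityRule1; distinct keys are required in a properties file, so
# the second instance is called ValidityRule2 here (assumption).
SAMPLE_CONFIG = """
ca.Policy.rule.ValidityRule1.enable=true
ca.Policy.rule.ValidityRule1.implName=ValidityConstraints
ca.Policy.rule.ValidityRule1.maxValidity=180
ca.Policy.rule.ValidityRule1.minValidity=10
ca.Policy.rule.ValidityRule1.predicate=HTTP_PARAMS.certType==client AND HTTP_PARAMS.orgunit==Sales
ca.Policy.rule.ValidityRule2.enable=true
ca.Policy.rule.ValidityRule2.implName=ValidityConstraints
ca.Policy.rule.ValidityRule2.maxValidity=60
ca.Policy.rule.ValidityRule2.minValidity=10
ca.Policy.rule.ValidityRule2.predicate=HTTP_PARAMS.certType==client AND HTTP_PARAMS.orgunit!=Sales
"""


def parse_rules(text):
    """Group ca.Policy.rule.<name>.<attr>=<value> lines into one dict per rule."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first '=' only: predicate values contain '==' and '!='.
        key, _, value = line.partition("=")
        m = re.fullmatch(r"ca\.Policy\.rule\.([^.]+)\.(\w+)", key.strip())
        if m:
            rules.setdefault(m.group(1), {})[m.group(2)] = value.strip()
    return rules


def eval_predicate(predicate, params):
    """Evaluate 'HTTP_PARAMS.x==v AND HTTP_PARAMS.y!=w' against the request's
    HTTP input variables.  Assumed grammar: terms joined by AND, clauses joined
    by OR (OR binds weaker).  A missing parameter compares as the empty string."""
    def term(t):
        m = re.fullmatch(r"\s*HTTP_PARAMS\.(\w+)\s*(==|!=)\s*(\S+)\s*", t)
        if not m:
            raise ValueError("unsupported predicate term: %r" % t)
        name, op, expected = m.groups()
        actual = params.get(name, "")
        return actual == expected if op == "==" else actual != expected

    return any(all(term(t) for t in re.split(r"\s+AND\s+", clause))
               for clause in re.split(r"\s+OR\s+", predicate))


def select_rules(rules, params):
    """Names of enabled rules whose predicate accepts the request.
    A rule with no predicate applies to every request."""
    selected = []
    for name, attrs in rules.items():
        if attrs.get("enable") != "true":
            continue
        pred = attrs.get("predicate", "")
        if not pred or eval_predicate(pred, params):
            selected.append(name)
    return selected


def check_validity(rule, requested_days):
    """Simplified model: the request passes a ValidityConstraints rule only if
    its validity period lies within [minValidity, maxValidity] days."""
    lo, hi = int(rule["minValidity"]), int(rule["maxValidity"])
    return lo <= requested_days <= hi


def decide(config_text, params, requested_days):
    """Return (matching rule names, whether every matching rule accepts)."""
    rules = parse_rules(config_text)
    matched = select_rules(rules, params)
    return matched, all(check_validity(rules[n], requested_days) for n in matched)


if __name__ == "__main__":
    # Constructed enrollment requests: orgunit comes from the hidden form input.
    for params, days in [({"certType": "client", "orgunit": "Sales"}, 120),
                         ({"certType": "client", "orgunit": "Manufacturing"}, 120),
                         ({"certType": "server"}, 120)]:
        print(params, days, "->", decide(SAMPLE_CONFIG, params, days))
```

Running the script shows the Sales request matched by ValidityRule1 (120 days is within 10 to 180) and the Manufacturing request matched by ValidityRule2 but rejected (120 days exceeds 60), while a server-certificate request matches neither rule. Note that the orgunit value in HTTP_PARAMS is whatever the submitted form contained; if the organizational unit is to determine the validity period authoritatively, the value needs to be confirmed against a trusted source, for example by an agent before approval, rather than taken from the hidden input alone.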