Constraints-Specific Policy Module Reference
• The minimum and maximum sizes for keys
• The sizes of exponents
The policy restricts the key size to one of the sizes, such as 512 or 1024, supported by CS.
You may apply this policy to end-entity certificate enrollment and renewal requests. For
example, if you want your CA to certify public keys up to 512 bits in length for end users
and 1024 for servers, you can configure CS to do so using the policy.
During installation, CS automatically creates an instance of the DSA key constraints policy,
named DSAKeyRule, that is enabled by default.
Table 12-4 describes the configuration parameters of the DSAKeyConstraints policy.

Table 12-4 DSAKeyConstraints Configuration Parameters

| Parameter | Description |
|-----------|-------------|
| enable | Specifies whether the rule is enabled or disabled. Select to enable (default), deselect to disable. |
| predicate | Specifies the predicate expression for this rule. If you want this rule to be applied to all certificate requests, leave the field blank (default). To form a predicate expression, see "Using Predicates in Policy Rules" on page 465. |
| minSize | Specifies the minimum length, in bits, for the key (the length of the modulus in bits). The value must be smaller than or equal to the one specified by the maxSize parameter. Permissible values: 512 or 1024. You may also enter a custom key size that is between 512 and 1024, in increments of 64 bits. The default value is 512. |
| maxSize | Specifies the maximum length, in bits, for the key. Permissible values: 512 or 1024. You may also enter a custom key size that is between 512 and 1024, in increments of 64 bits. The default value is 1024. |
| exponents | Limits the possible public exponent values. Use commas to separate different values. Some exponents are more widely used than others. The following exponent values are recommended for arithmetic and security reasons: 17 and 65537. Of these two values, 65537 is preferred. (This setting is mainly an issue if you are using your own software for generating key pairs. Key-generation programs in Red Hat clients and servers use 3 or 65537.) Permissible values: A combination of 3, 7, 17, and 65537, separated by commas. The default value is 3,7,17,65537. |

478
Red Hat Certificate System Administrator's Guide • September 2005
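The parameter limits in Table 12-4 can be expressed as a small checker, shown here as an added example that is not code from Certificate System or from the guide. The class, method and variable names are hypothetical, the predicate parameter is not modelled, and a disabled rule is assumed to accept every key.

```python
# Added illustration: names are hypothetical, not Certificate System APIs.
from dataclasses import dataclass

ALLOWED_EXPONENTS = {3, 7, 17, 65537}          # permissible values, Table 12-4
SIZE_FLOOR, SIZE_CEIL, SIZE_STEP = 512, 1024, 64


@dataclass(frozen=True)
class KeyConstraints:
    enable: bool = True
    min_size: int = 512                # minSize default
    max_size: int = 1024               # maxSize default
    exponents: str = "3,7,17,65537"    # comma-separated, as entered in the rule

    def exponent_set(self):
        return {int(v) for v in self.exponents.split(",") if v.strip()}

    def config_errors(self):
        """Problems with the rule's own parameters, per the table's limits."""
        errors = []
        for name, size in (("minSize", self.min_size), ("maxSize", self.max_size)):
            in_range = SIZE_FLOOR <= size <= SIZE_CEIL
            if not in_range or (size - SIZE_FLOOR) % SIZE_STEP != 0:
                errors.append(f"{name}={size}: must be 512..1024 in steps of 64")
        if self.min_size > self.max_size:
            errors.append("minSize must be smaller than or equal to maxSize")
        bad = self.exponent_set() - ALLOWED_EXPONENTS
        if bad:
            errors.append(f"exponents not permitted: {sorted(bad)}")
        return errors

    def check_key(self, modulus, exponent):
        """Return (accepted, reason) for a public key given as two integers."""
        if not self.enable:
            return True, "rule disabled"   # assumption: disabled rule checks nothing
        bits = modulus.bit_length()    # key length = length of the modulus in bits
        if bits < self.min_size:
            return False, f"{bits}-bit key is below minSize {self.min_size}"
        if bits > self.max_size:
            return False, f"{bits}-bit key is above maxSize {self.max_size}"
        if exponent not in self.exponent_set():
            return False, f"exponent {exponent} is not in {self.exponents}"
        return True, "accepted"


# Constructed sample: the page's example of 512 bits for end users, 1024 for servers.
END_USER = KeyConstraints(min_size=512, max_size=512)
SERVER = KeyConstraints(min_size=512, max_size=1024, exponents="17,65537")
KEY_1024 = (1 << 1023) | 1             # constructed odd integer, 1024 bits long
print(END_USER.check_key(KEY_1024, 65537))
print(SERVER.check_key(KEY_1024, 65537))
```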