Uniquesubjectnameconstraints - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual
Hide thumbs
Also See for CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR:
Table of Contents
Advertisement
Table 12-12 describes the configuration parameters of the
policy.
Table 12-12 SubCANameConstraints Configuration Parameters
Parameter
Description
Specifies whether the rule is enabled or disabled. Select to enable, deselect to disable (default).
enable
Specifies the predicate expression for this rule. If you want this rule to be applied to all
predicate
certificate requests, leave the field blank (default). To form a predicate expression, see "Using
Predicates in Policy Rules" on page 465.
UniqueSubjectNameConstraints
The
UniqueSubjectNameConstraints
multiple certificates with same subject names. Optionally, you can also configure the server
to allow multiple certificates with the same subject name if the key usages are different.
Note that key usages for certificates are usually specified by the key usage extension and CS
allows you to add this extension to certificates using the key usage extension policy
explained in "KeyUsageExt" on page 513.
You may apply the unique subject name constraints policy to end-entity certificate
enrollment and renewal requests. For example, if you want to prevent your users from
requesting multiple certificates with same subject names, you can configure the server
accordingly using the policy. Alternatively, if you want to allow your users to own multiple
certificates, each for a different use, all having the same subject name, you can do so easily
using the
parameter makes the server check whether the key usages specified in the certificate request
being processed is different than those specified in the existing certificates that have the
same subject names and accordingly issue or deny the certificate. Keep in mind that the
server can check for key usages only if the key usage extension bits are set in the certificate
request being processed as well as in the existing certificates that have the same subject
names.
During installation, CS automatically creates an instance of the unique subject name
constraints policy, named
Table 12-13 describes the configuration parameters of the
UniqueSubjectNameConstraints
enableKeyUsageExtensionChecking
UniqueSubjectNameConstraints
Constraints-Specific Policy Module Reference
SubCANameConstraints
plug-in module restricts the server from issuing
parameter defined in this policy. This
policy.
, that is disabled by default.
Chapter 12
Policies
485
Advertisement
Table of Contents
Related Manuals for Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR
Related Products for Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR
- Red Hat CERTIFICATE SYSTEM 7.0 - MIGRATION GUIDE
- Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION
- Red Hat LINUX 7.2 - S-390
- Red Hat LINUX 7.1 - PSERIES
- Red Hat SYSTEM 8.0 - MIGRATION GUIDE 7.X TO 8.0
- Red Hat CERTIFICATE SYSTEM 7.2 - AGENT GUIDE
- Red Hat DIRECTORY SERVER 7.1 SP7 - S
- Red Hat Application Server
- Red Hat APPLICATION SERVER - JONAS
- Red Hat APPLICATION STACK 1.1 RELEASE
- Red Hat APPLICATION STACK 1.2 RELEASE
- Red Hat APPLICATION STACK 1.3 RELEASE
- Red Hat APPLICATION STACK 1.4 RELEASE
- Red Hat APPLICATION STACK 2.0 RELEASE
- Red Hat APPLICATION STACK 2.1 RELEASE
- Red Hat APPLICATION STACK 2.2 RELEASE