Certificatepoliciesext - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual


Extension-Specific Policy Module Reference
Table 12-17 BasicConstraintsExt Configuration Parameters (Continued)

Parameter: isCA
Description: Specifies whether the certificate subject is a CA. If you select the option, the server checks the maxPathLen parameter and sets the specified path length in the certificate. If you deselect the option, the server treats the certificate subject as a non-CA and ignores the value specified for the maxPathLen parameter.

Parameter: maxPathLen
Description: Specifies the path length, the maximum number of CA certificates that may be chained below (subordinate to) the subordinate CA certificate being issued. Note that the path length you specify affects the number of CA certificates to be used during certificate validation. The chain starts with the end-entity certificate being validated and moves up the chain.
The maxPathLen parameter has no effect if the extension is set in end-entity certificates.
Permissible values: 0 or n. Make sure that the value you choose is less than the path length specified in the Basic Constraints extension of the CA signing certificate (owned by the CA that will issue these certificates).
- 0 specifies that no subordinate CA certificates are allowed below the subordinate CA certificate being issued; that is, only an end-entity certificate may follow in the path.
- n must be an integer greater than zero. It specifies that at most n subordinate CA certificates are allowed below the subordinate CA certificate being used.
If you leave the field blank, the path length defaults to a value that is determined by the path length set on the Basic Constraints extension in the issuer's certificate. If the issuer's path length is unlimited, the path length in the subordinate CA certificate will also be unlimited. If the issuer's path length is an integer greater than zero, the path length in the subordinate CA certificate will be set to a value that's one less than the issuer's path length; for example, if the issuer's path length is 4, the path length in the subordinate CA certificate will be set to 3.

CertificatePoliciesExt

The CertificatePoliciesExt plug-in module enables you to add the Certificate Policies Extension in certificates. The extension contains a sequence of one or more policy statements, each indicating the policy under which the certificate has been issued and identifying the purposes for which the certificate may be used. Presence of this extension in certificates enables an application with specific policy requirements to compare its list of policies to the ones contained in a certificate during its validation; typically, such applications will have a list of policies (which they will accept) and compare the policies in the certificate to their list as part of validating the certificate.
For general information about this extension, see "certificatePolicies" on page 733.

Red Hat Certificate System Administrator's Guide • September 2005
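The maxPathLen rules from Table 12-17 (the blank-field default, the "less than the issuer's path length" requirement, and the effect on chain validation), as an added example that is not part of the manual or of Certificate System. The function names, the tuple model of a certificate, and the sample hierarchy are assumptions made for illustration; the chain check is simplified and does not implement the self-issued certificate exception in RFC 5280.

```python
# Added example: models the maxPathLen rules from Table 12-17 with plain
# Python values; None stands for "unlimited" or "field left blank".

def effective_path_len(issuer_len, configured=None):
    """Path length to set in a subordinate CA certificate being issued.
    issuer_len: path length in the issuer's Basic Constraints (None = unlimited).
    configured: the maxPathLen policy value (None = field left blank)."""
    if issuer_len == 0:
        # Path length 0 means only an end-entity certificate may follow.
        raise ValueError("issuer path length 0 forbids subordinate CAs")
    if configured is None:
        # Blank field: inherit unlimited, or take one less than the issuer.
        return None if issuer_len is None else issuer_len - 1
    if configured < 0:
        raise ValueError("maxPathLen must be 0 or a positive integer")
    if issuer_len is not None and configured >= issuer_len:
        raise ValueError("maxPathLen must be less than the issuer's path length")
    return configured


def check_chain(chain):
    """Return the path-length violations found in a chain.
    chain: (name, is_ca, path_len) tuples, starting with the end-entity
    certificate being validated and moving up to the root."""
    errors = []
    for i, (name, is_ca, path_len) in enumerate(chain[1:], start=1):
        below = i - 1  # CA certificates chained below this one
        if not is_ca:
            errors.append(f"{name}: not a CA but used as an issuer")
        elif path_len is not None and below > path_len:
            errors.append(f"{name}: {below} CA(s) below, limit is {path_len}")
    return errors


# Constructed sample hierarchy: root (path length 2) -> sub1 -> sub2 -> leaf.
ROOT_LEN = 2
SUB1_LEN = effective_path_len(ROOT_LEN)      # blank field, one less than root
SUB2_LEN = effective_path_len(SUB1_LEN, 0)   # explicit maxPathLen of 0
GOOD = [("leaf", False, None), ("sub2", True, SUB2_LEN),
        ("sub1", True, SUB1_LEN), ("root", True, ROOT_LEN)]
# Same chain with an extra CA placed under sub2, whose path length is 0.
BAD = [GOOD[0], ("extra", True, None)] + GOOD[1:]

if __name__ == "__main__":
    print(check_chain(GOOD))
    print(check_chain(BAD))
```

One extra CA under sub2 violates the limit on every CA above it, because each path length counts all CA certificates chained below that certificate.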
