CertificateScopeOfUseExt - Red Hat Certificate System 7.1 Administrator's Manual

Red Hat Certificate System Administrator's Guide • September 2005
Extension-Specific Policy Module Reference

Table 12-19 CertificateRenewalWindowExt Configuration Parameters (Continued)
Parameter
Description
n specifies a past or future time, in seconds, by which the certificate must be renewed;
the endTime field of the extension will be set to the specified time since certificate
issuance. You can specify the time period in seconds, minutes, hours, days, or months.
Use the following suffixes to indicate the time unit.
s - seconds
m - minutes
h - hours
D - days
M - months
For example, if you're issuing certificates with a validity period of two years and want the
renewal window to end a month after the certificates expire, and want to specify the
interval in months, you would enter 25M in this field. On the other hand, if you want the
renewal window to end 15 days before certificates expire, then you would set the value to
705D ((23 months x 30 days) + 15 days).
Note that if you choose to extend the renewal window after the expiration date of the
certificate itself, your CA must maintain appropriate status information about the
certificate during that window in order to allow appropriate authentication in the renewal
process. (Automatic renewal may take place after the certificate has expired, when it is not
valid for other purposes.)
Example: 705D

CertificateScopeOfUseExt

The CertificateScopeOfUseExt plug-in module enables you to add the Certificate
Scope of Use Extension to certificates. The extension enables you to specify a list of web
sites that may request the use of a particular certificate for SSL client authentication, thus
aiding certificate-using applications to select certificates to present to web sites and to
control release of these certificates.
The SSL protocol provides a way for a client application to authenticate itself to a web site
or server. SSL client authentication occurs upon request of the server, and proceeds by
providing a certificate and a signature to the server. The client may have more than one
certificate that could be used to perform this authentication. The SSL protocol provides a
way for the server to indicate which certificate may be useful by listing issuing CAs in one
of the SSL protocol messages.
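
The renewal-window interval format from Table 12-19 above (a number with an s, m, h, D or M suffix, added to the issuance time to give endTime), worked through in Python. This is an added example, not code from Red Hat Certificate System; the function names, the sample dates and the 30-day month (taken from the page's 705D arithmetic) are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Seconds per unit for the suffixes listed in the table. The 30-day month is an
# assumption taken from the page's arithmetic (705D = 23 x 30 + 15 days); the
# server's own month handling is not stated on the page.
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "D": 86400, "M": 30 * 86400}

# Unsigned number plus one suffix; a signed value is not shown on the page
# and is rejected here.
_INTERVAL = re.compile(r"([0-9]+)([smhDM])")


def parse_interval(value: str) -> timedelta:
    """Convert a value such as '705D' or '25M' to a timedelta."""
    match = _INTERVAL.fullmatch(value.strip())
    if match is None:
        # Suffixes are case-sensitive: 'm' is minutes, 'M' is months.
        raise ValueError(f"expected <number><s|m|h|D|M>, got {value!r}")
    number, unit = match.groups()
    return timedelta(seconds=int(number) * UNIT_SECONDS[unit])


def renewal_window(issued: datetime, not_after: datetime, value: str):
    """Return (end_time, offset_from_expiry, ends_after_expiry)."""
    end_time = issued + parse_interval(value)  # endTime counts from issuance
    offset = end_time - not_after              # negative: window ends before expiry
    return end_time, offset, offset > timedelta(0)


# Constructed sample certificate: two years of validity counted as 24 x 30 days,
# matching the page's month arithmetic.
ISSUED = datetime(2005, 9, 1, tzinfo=timezone.utc)
NOT_AFTER = ISSUED + timedelta(days=720)

if __name__ == "__main__":
    for value in ("705D", "25M", "25m"):
        end, offset, late = renewal_window(ISSUED, NOT_AFTER, value)
        note = ("ends after expiry: CA must keep status information"
                if late else "ends before expiry")
        print(f"{value:>5}  endTime={end:%Y-%m-%d %H:%M}  offset={offset}  {note}")
```

The third value shows the easy mistake: 25m is 25 minutes, not 25 months, so the window would close almost immediately after issuance.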
