Issueraltnameext - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

Extension-Specific Policy Module Reference

IssuerAltNameExt

The
IssuerAltNameExt
Extension defined in X.509 and PKIX standard RFC 2459 (see
http://www.ietf.org/rfc/rfc2459.txt
binding of or associating Internet style identities—such as Internet electronic mail address,
a DNS name, an IP address, and a uniform resource indicator (URI)— with the certificate
issuer.
For general information about this extension, see "issuerAltName" on page 735.
Unlike some of the other policy modules, CS does not create an instance of the issuer
alternative name extension policy during installation. If you want the server to add this
extension to certificates, you must create an instance of the
and configure it. For instructions, see section "Step 4. Add New Policy Rules" in Chapter
18, "Setting Up Policies" of CS Administrator's Guide.
Table 12-25 IssuerAltNameExt Configuration Parameters
Parameter
enable
predicate
critical
510 Red Hat Certificate System Administrator's Guide • September 2005
plug-in module enables you to add the Issuer Alternative Name
Description
Specifies whether the rule is enabled or disabled. Select to enable, deselect to
disable.
Specifies the predicate expression for this rule. If you want this rule to be applied
to all certificate requests, leave the field blank (default). To form a predicate
expression, see section "Using Predicates in Policy Rules" in Chapter 18, "Setting
Up Policies" of CS Administrator's Guide.
Example: HTTP_PARAMS.certType==ca
Specifies whether the extension should be marked critical or noncritical. Select to
mark critical (default), deselect to mark noncritical.
) to certificates. This extension enables
IssuerAltNameExt
module