Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual page 524

Extension-Specific Policy Module Reference
Table 12-29 NameConstraintsExt Configuration Parameters (Continued)
Parameter
524 Red Hat Certificate System Administrator's Guide • September 2005
Description
Permissible values: Depends on the general-name type you selected in the
excludedSubtrees<n>.base.generalNameChoice field.
• If you selected rfc822Name, the value must be a valid Internet mail address
in the local-part@domain format; see the definition of an rfc822Name
as defined in RFC 822 (http://www.ietf.org/rfc/rfc0822.txt).
You may use upper and lower case letters in the mail address; no significance
is attached to the case. For example, testCA@example.com.
• If you selected directoryName, the value must be a string form of X.500
name, similar to the subject name in a certificate, in the RFC 2253 syntax (see
http://www.ietf.org/rfc/rfc2253.txt). Note that RFC 2253
replaces RFC 1779. For example, CN=SubCA,OU=Research
Dept,O=Example Corporation,C=US.
• If you selected dNSName, the value must be a valid domain name in the
preferred-name syntax as specified by RFC 1034
(http://www.ietf.org/rfc/rfc1034.txt). You may use upper
and lower case letters in the domain name; no significance is attached to the
case. Do not use the string " " for the DNS name. Also don't use the DNS
representation for Internet mail addresses; such identities should be encoded as
rfc822Name. For example, testCA.example.com.
• If you selected ediPartyName, the value must be an IA5String. For
example, Example Corporation.
• If you selected URL, the value must be a non-relative universal resource
identifier (URI) following the URL syntax and encoding rules specified in
RFC 1738. That is, the name must include both a scheme (for example, http)
and a fully qualified domain name or IP address of the host. For example,
http://testCA.example.com.