Extension-Specific Policy Module Reference

Table 12-38 RemoveBasicConstraintsExt Configuration Parameters

Parameter    Description
enable       Specifies whether the rule is enabled or disabled. Select to enable, deselect to disable.
predicate    Specifies the predicate expression for this rule. If you want this rule to be applied to all certificate requests, leave the field blank (default). To form a predicate expression, see "Using Predicates in Policy Rules," on page 465.

SubjectAltNameExt

The SubjectAltNameExt plug-in module enables you to add the Subject Alternative Name Extension to certificates. The extension enables you to bind additional identities—such as Internet electronic mail address, a DNS name, an IP address, and a uniform resource identifier (URI)—to the subject of the certificate.

For general information about this extension, see "subjectAltName" on page 740.

The standard suggests that if the certificate subject field contains an empty sequence, then the subject alternative name extension must contain the subject's alternative name and that the extension be marked critical.

If you're using any of the directory-based authentication methods, you can configure CS to retrieve values for any string and byte attributes from the directory and set them in the certificate request during authentication—you specify these attributes by entering them in the ldapStringAttributes and ldapByteAttributes fields defined in the automated enrollment modules.

Note that all data related to an end entity is gathered at the servlet level and set on the request before the request is passed to the policy subsystem.

In general, you can configure which attributes should or shouldn't be stored in the request; for example, you can exclude sensitive attributes such as passwords from getting stored in the request with the help of the parameter named dontSaveHttpParams defined in the CS configuration file. For details on using this parameter, see the description for HTTP_PARAMS in section "JavaScript Used By All Interfaces" of CS Customization Guide. You can also distinguish the attributes based on their origin—that is, whether they originated from the enrollment form or were added to the request during the authentication process. Authenticated attributes have AUTH_TOKEN as prefix (for example, AUTH_TOKEN.mail) and non-authenticated attributes such as the ones that come from the HTTP input have HTTP_PARAMS as prefix (for example, HTTP_PARAMS.csrRequestorEmail).
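The following is an added illustration, not Certificate System code or configuration and not part of the original guide. It models why the origin prefix matters when request attributes feed the Subject Alternative Name, and applies the empty-subject rule described above. The function name plan_san, the mapping format, and the sample values are assumptions.

```python
# Illustrative model only: not Certificate System code or configuration syntax.
AUTH_PREFIX = "AUTH_TOKEN."  # attribute was added during authentication


def plan_san(request, mapping, subject_dn, allow_unauthenticated=False):
    """Choose Subject Alternative Name entries from request attributes.

    request: dict of request attribute name -> value
    mapping: list of (general_name_type, request_attribute) pairs
             (hypothetical format, for illustration)
    subject_dn: certificate subject as a string; "" models an empty sequence
    """
    names, skipped = [], []
    for gn_type, attr in mapping:
        value = request.get(attr)
        if not value:
            continue  # attribute absent from this request
        # Only AUTH_TOKEN-prefixed values were set by the authentication
        # process; HTTP_PARAMS values are whatever the requester typed.
        if not attr.startswith(AUTH_PREFIX) and not allow_unauthenticated:
            skipped.append(attr)
            continue
        names.append((gn_type, value))
    empty_subject = subject_dn.strip() == ""
    if empty_subject and not names:
        # With an empty subject, the SAN is the only identity in the certificate.
        raise ValueError("empty subject requires a subject alternative name")
    # Mark the extension critical only when the subject is empty.
    return {"names": names, "critical": empty_subject, "skipped": skipped}


# Constructed sample request and mapping.
SAMPLE_REQUEST = {
    "AUTH_TOKEN.mail": "jdoe@example.com",
    "HTTP_PARAMS.csrRequestorEmail": "someone-else@example.com",
}
SAMPLE_MAPPING = [
    ("rfc822Name", "AUTH_TOKEN.mail"),
    ("rfc822Name", "HTTP_PARAMS.csrRequestorEmail"),
]

if __name__ == "__main__":
    print(plan_san(SAMPLE_REQUEST, SAMPLE_MAPPING, subject_dn=""))
```

With the default setting, the form-supplied address is reported in "skipped" rather than bound to the certificate, which makes the trust decision visible to whoever reviews the policy.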
Chapter 12 Policies 535