Policy Mappers Extension Default; Signing Algorithm Default - Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual

Chapter 13. Certificate Profiles
Parameter
Table 13.14. Policy Constraints Extension Default Configuration Parameters

13.7.15. Policy Mappers Extension Default

This default attaches a Policy Mappings extension to the certificate. The extension lists pairs of OIDs,
each pair identifying two policy statements of two CAs. The pairing indicates that the corresponding
policies of one CA are equivalent to policies of another CA. The extension may be useful in the context
of cross-certification. If supported, the extension is included in CA certificates only. The default maps
policy statements of one CA to that of another by pairing the OIDs assigned to their policy statements
Each pair is defined by two parameters, issuerDomainPolicy and subjectDomainPolicy.
The pairing indicates that the issuing CA considers the issuerDomainPolicy equivalent
to the subjectDomainPolicy of the subject CA. The issuing CA's users may accept an
issuerDomainPolicy for certain applications. The policy mapping tells these users which policies
associated with the subject CA are equivalent to the policy they accept.
For general information about this extension, see
The following constraints can be defined with this default:
• Extension Constraint; see
Section 13.8.6, "No
• No Constraints; see
Parameter
critical
IssuerDomainPolicy_n
SubjectDomainPolicy_n
Table 13.15. Policy Mappings Extension Default Configuration Parameters

13.7.16. Signing Algorithm Default

This default attaches a signing algorithm in the certificate request. This default presents an agent with
the possible algorithms that can be used for signing the certificate.
308
Section A.3.12,
Section 13.8.3, "Extension
Constraint".
"policyMappings".
Constraint".