Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 142


Chapter 4. Requesting, Enrolling, and Managing Certificates
renewal=true
The renewal grace period is set through the Renewal Grace Period Constraint (in Section B.2.8,
"Renewal Grace Period Constraint"). This constraint has two parameters, setting the time period
before and after the expiration date that renewal can be allowed.
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
...
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.10.default.name=No Default
These two configuration settings have to be set in the original enrollment profile, not the renewal
profile. The rules for the renewal grace period are part of the original certificate and are carried over
and applied for any subsequent renewals.
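The window these two parameters define can be checked offline before a profile is deployed. The following is an added example, not code from Red Hat Certificate System: it parses the profile lines shown above and tests whether a renewal request at a given time falls inside the window. It assumes the values are days and that the window boundaries are inclusive; the function names are hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample: the enrollment-profile lines shown above.
PROFILE = """\
renewal=true
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
"""

def parse_profile(text):
    """Parse key=value profile lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def grace_window(props, policy_set="userCertSet"):
    """Return (graceBefore, graceAfter) from the listed constraint, or None."""
    prefix = f"policyset.{policy_set}."
    for pid in props.get(prefix + "list", "").split(","):
        base = f"{prefix}{pid.strip()}.constraint."
        if props.get(base + "class_id") == "renewGracePeriodConstraintImpl":
            return (int(props[base + "params.renewal.graceBefore"]),
                    int(props[base + "params.renewal.graceAfter"]))
    return None

def renewal_allowed(props, not_after, now):
    """True if renewal is enabled and `now` is inside the grace window."""
    if props.get("renewal", "").lower() != "true":
        return False
    window = grace_window(props)
    if window is None:
        raise ValueError("profile has no Renewal Grace Period Constraint")
    before, after = window  # assumption: both values are days
    start = not_after - timedelta(days=before)
    end = not_after + timedelta(days=after)
    return start <= now <= end  # assumption: boundaries are inclusive

if __name__ == "__main__":
    expiry = datetime(2024, 6, 30)  # constructed expiration date
    print(renewal_allowed(parse_profile(PROFILE), expiry, datetime(2024, 6, 1)))
```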
4.7.2.3. Creating the Renewal Profile
A renewal profile is much simpler than a standard enrollment profile because it does not need to
define any defaults, extensions, or constraints; all of that information is already contained in the
original certificate.
What a renewal profile does define is whether renewal is allowed, the input to use to locate the original
certificate, and the output of the regenerated certificate.
The renewal option, as with the original profile, is set to either true or false.
renewal=true
The original profile must allow renewal, but the renewal profile can specify that renewal is not
allowed, which means that a certificate can only be renewed once.
The input depends on the way that the certificate renewal request is authorized. For agent-approved
and directory-based authorization, the identity of the requester is verified independently, and then the
specified certificate is pulled up using its serial number:
input.i1.class_id=serialNumRenewInputImpl
For agent-based authentication, no authorization method is required; the request will be manually
reviewed and approved by a CA agent. In this case, the auth.instance_id parameter is empty.
desc=This certificate profile is for renewing certificates to be approved manually by agents.
visible=true
enable=true
enableBy=admin
renewal=true
auth.instance_id=
name=Renew certificate to be manually approved by agents
input.list=i1
input.i1.class_id=serialNumRenewInputImpl
output.list=o1
