Policy Mappers Extension Default - Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual
Hide thumbs
Also See for CERTIFICATE SYSTEM 8.0 - ADMINISTRATION:
- Using manual (48 pages) ,
- Agents manual (146 pages) ,
- Manual (124 pages)
Table of Contents
Advertisement
Appendix B. Defaults, Constraints, and Extensions for Certificates and CRLs
Parameter
inhibitPolicyMapping
Table B.12. Policy Constraints Extension Default Configuration Parameters
B.1.15. Policy Mappers Extension Default
This default attaches a Policy Mappings extension to the certificate. The extension lists pairs of OIDs,
each pair identifying two policy statements of two CAs. The pairing indicates that the corresponding
policies of one CA are equivalent to policies of another CA. The extension may be useful in the context
of cross-certification. If supported, the extension is included in CA certificates only. The default maps
policy statements of one CA to that of another by pairing the OIDs assigned to their policy statements
Each pair is defined by two parameters, issuerDomainPolicy and subjectDomainPolicy.
The pairing indicates that the issuing CA considers the issuerDomainPolicy equivalent
to the subjectDomainPolicy of the subject CA. The issuing CA's users may accept an
issuerDomainPolicy for certain applications. The policy mapping tells these users which policies
associated with the subject CA are equivalent to the policy they accept.
For general information about this extension, see
The following constraints can be defined with this default:
• Extension Constraint; see
• No Constraints; see
Parameter
critical
IssuerDomainPolicy_n
442
Section B.2.3, "Extension
Section B.2.6, "No
Constraint".
Description
certificate being validated and moving up
the chain. The parameter has no effect if the
extension is set in end-entity certificates.
Specifies the total number of certificates
permitted in the path before policy mapping is no
longer permitted.
• -1 specifies that the field should not be set in
the extension.
• 0 specifies that no subordinate CA certificates
are permitted in the path before policy
mapping is no longer permitted.
• n must be an integer that is greater than
zero. It specifies at the maximum number of
subordinate CA certificates allowed in the path
before policy mapping is no longer permitted.
For example, a value of 1 indicates that policy
mapping may be processed in certificates
issued by the subject of this certificate, but not
in additional certificates in the path.
Section B.3.12,
"policyMappings".
Constraint".
Description
Select true to mark this extension critical; select
false to mark the extension noncritical.
Specifies the OID assigned to the policy
statement of the issuing CA to map with the
Advertisement
Table of Contents
Need help?
Do you have a question about the CERTIFICATE SYSTEM 8.0 - ADMINISTRATION and is the answer not in the manual?