Netscape MANAGEMENT SYSTEM 4.5 - PLUG-IN Manual page 125

The configuration shown in Figure 3-13 creates a policy rule named
ValidityForClientCert
by end users in an organizational unit (
days (two months) and require renewing after 180 days (six months).
Table 3-13 gives details about each of the parameters.
Table 3-13 Description of parameters defined in the ValidityConstraints module
Parameter Description
Specifies whether the rule is enabled or disabled. Check the box to enable the rule
enable
(default). Uncheck the box to disable the rule.
• If you enable the rule and set the remaining parameters correctly, the server sets
• If you disable the rule, the server does not set the configured validity period in
Specifies the predicate expression for this rule. If you want this rule to be applied to
predicate
all certificate requests, leave the field blank (default). To form a predicate expression,
see section "Using Predicates in Policy Rules" in Chapter 18, "Setting Up Policies" of
CMS Installation and Setup Guide.
Example: HTTP_PARAMS.certType==client AND
HTTP_PARAMS.OU==Marketing
Specifies the minimum validity period, in days, for certificates.
minValidity
Permissible values: An integer greater than zero and less than the value specified by
the maxValidity parameter. The default value is 180 days.
Example: 60
Specifies the maximum validity period, in days, for certificates.
maxValidity
Permissible values: An integer greater than zero and also greater than the value
specified by the minValidity parameter. The default value is 730 days.
Example: 180
, which enforces a rule that all client certificates requested
the configured validity period in certificates specified by the predicate
parameter.
certificates; it sets the validity period to the one specified in the request.
ValidityConstraints Plug-in Module
) called Marketing are valid for at least 60
OU
Chapter 3 Constraints Policy Plug-in Modules 125