Table of Contents
Advertisement
DefaultValidityRule Rule
The rule named
DefaultValidityRule
ValidityConstraints
creates this rule during installation. By default, the rule is configured as follows:
•
The rule is enabled.
•
The predicate expression is left blank so that the rule is applied to all certificate
enrollment and renewal requests processed by the server.
•
The minimum validity period allowed for certificates is 1 day
(
).
minValidity=1
•
The maximum validity period allowed for certificates is 365 days
(
maxValidity=365
•
The lead time allowed is 10 minutes (
•
The lag time allowed is 10 minutes (
•
The the number of minutes to subtract from the current time when creating the
value for the certificate's
For details on individual parameters defined in the rule, see Table 3-13 on
page 125. You need to review this rule and make the changes appropriate for your
PKI setup. For instructions, see section "Step 2. Modify Existing Policy Rules" in
Chapter 18, "Setting Up Policies" of CMS Installation and Setup Guide. For
instructions on adding additional instances, see section "Step 4. Add New Policy
Rules" in the same chapter.
is an instance of the
module. Certificate Management System automatically
).
leadTime=10
lagTime=10
attribute is 5 minutes (
notBefore
Chapter 3
ValidityConstraints Plug-in Module
).
).
notBeforeSkew=5
Constraints Policy Plug-in Modules
).
127
Advertisement
Table of Contents
