CMCertKeyUsageExt Rule - Netscape Management System 4.5 - Plug-in Manual

KeyUsageExt Plug-in Module
Netscape Certificate Management System Plug-ins Guide • October 2001

Table 4-15 Description of parameters defined in the KeyUsageExt module (Continued)

Parameter: encipherOnly
Description: Specifies whether to set the encipherOnly bit (or bit 7) of the key usage extension in certificates specified by the predicate parameter.
Permissible values: true, false, or HTTP_INPUT.
• Select true if you want the server to set the bit (default).
• Select false if you don't want the server to set the bit.
• Select HTTP_INPUT if you want the server to check the certificate request for the HTTP input variable corresponding to the encipherOnly bit and set the bit accordingly. If the variable is set to true, the server sets the bit. If the variable doesn't exist or if it is set to false (or any other value), the server doesn't set the bit.

Parameter: decipherOnly
Description: Specifies whether to set the decipherOnly bit (or bit 8) of the key usage extension in certificates specified by the predicate parameter.
Permissible values: true, false, or HTTP_INPUT.
• Select true if you want the server to set the bit (default).
• Select false if you don't want the server to set the bit.
• Select HTTP_INPUT if you want the server to check the certificate request for the HTTP input variable corresponding to the decipherOnly bit and set the bit accordingly. If the variable is set to true, the server sets the bit. If the variable doesn't exist or if it is set to false (or any other value), the server doesn't set the bit.

CMCertKeyUsageExt Rule

The policy rule named CMCertKeyUsageExt is an instance of the KeyUsageExt module. This rule is for setting the appropriate key-usage bits in Certificate Manager CA signing certificates; see section "CA Signing Key Pair and Certificate" in Chapter 14, "Managing CMS Keys and Certificates" of CMS Installation and Setup Guide. By default, the rule is configured as follows:
• The rule is enabled.
• The predicate expression (predicate=HTTP_PARAMS.certType==ca) ensures that the rule is applied only to CA signing certificate requests.
• The extension is marked noncritical (to comply with the PKIX recommendation).
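
The true / false / HTTP_INPUT resolution described in Table 4-15, followed by the DER encoding of the resulting key usage bits, as an added example (not code from CMS or from this guide). It assumes each HTTP input variable has the same name as its bit and that the comparison with true is exact; the guide specifies neither.

```python
# Added example; the helper names are illustrative, not CMS identifiers.
KEY_USAGE_BITS = [  # X.509 KeyUsage bit positions 0..8
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]

def resolve_bit(setting, http_params, var_name):
    """Apply the table's rule for one parameter: true, false or HTTP_INPUT."""
    if setting == "true":
        return True
    if setting == "false":
        return False
    if setting == "HTTP_INPUT":
        # Only the value "true" sets the bit; a missing variable, "false",
        # or any other value leaves it clear (exact match is an assumption).
        return http_params.get(var_name) == "true"
    raise ValueError(f"not a permissible value: {setting!r}")

def resolve_key_usage(config, http_params):
    """Return the set of bit names the server would set for this request."""
    return {name for name, setting in config.items()
            if resolve_bit(setting, http_params, name)}

def encode_key_usage(bits):
    """DER-encode the KeyUsage BIT STRING (tag 0x03) for the given bit names."""
    positions = sorted(KEY_USAGE_BITS.index(b) for b in bits)
    if not positions:
        return bytes([0x03, 0x01, 0x00])
    nbytes = positions[-1] // 8 + 1      # decipherOnly (bit 8) needs 2 octets
    octets = bytearray(nbytes)
    for p in positions:
        octets[p // 8] |= 0x80 >> (p % 8)  # bit 0 is the most significant bit
    # DER drops trailing zero bits and records how many were dropped.
    last = octets[-1]
    unused = (last & -last).bit_length() - 1
    return bytes([0x03, nbytes + 1, unused]) + bytes(octets)

if __name__ == "__main__":
    # Constructed sample configuration and request, not taken from the guide.
    config = {"keyCertSign": "true", "cRLSign": "true",
              "encipherOnly": "HTTP_INPUT", "decipherOnly": "HTTP_INPUT"}
    request = {"certType": "ca", "encipherOnly": "yes", "decipherOnly": "true"}
    bits = resolve_key_usage(config, request)
    print(sorted(bits), encode_key_usage(bits).hex())
```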
