Table of Contents
Advertisement
NameConstraintsExt Plug-in Module
Table 4-16 Description of parameters defined in the NameConstraintsExt module (Continued)
Parameter
excludedSubtrees<n>.
min
excludedSubtrees<n>.
max
NameConstraintsExt Rule
The policy rule named
NameConstraintsExt
creates this rule during installation. By default, the rule is configured as follows:
•
The rule is disabled; for the rule to be effective, it must be enabled and
configured appropriately.
•
The predicate expression is set (
that the extension gets added to CA certificates only.
•
The extension is marked critical (to comply with the PKIX recommendation).
•
The total number of permitted subtrees to be contained in the extension is set
to 3 (
208
Netscape Certificate Management System Plug-ins Guide • October 2001
Description
• If you selected otherName, the value must be the absolute path to the
file that contains the base-64 encoded string of the subtree. For
example, /usr/netscape/server4/ext/nc/othername.txt.
Specifies the minimum number of excluded subtrees.
Permissible values: -1, 0, or n.
• -1 specifies that the field should not be set in the extension.
• 0 specifies that the minimum number of subtrees is zero (default).
• n must be an integer that is greater than zero. It specifies at the most n
subtrees are allowed.
Example: 0
Specifies the maximum number of excluded subtrees.
Permissible values: -1, 0, or n.
• -1 specifies that the field should not be set in the extension (default).
• 0 specifies that the maximum number of subtrees is zero.
• n must be an integer that is greater than zero. It specifies at the most n
subtrees are allowed.
Example: 1
NameConstraintsExt
module. Certificate Management System automatically
numPermittedSubtrees=3
is an instance of the
predicate=HTTP_PARAMS.certType==ca
).
) so
Advertisement
Table of Contents
