PolicyConstraintsExt Plug-in Module
The PolicyConstraintsExt plug-in module implements the policy constraints extension policy. This policy enables you to configure Certificate Management System to add the Policy Constraints Extension defined in X.509 and PKIX standard RFC 2459 (see http://www.ietf.org/rfc/rfc2459.txt) to certificates. The extension, which can be used in CA certificates only, constrains path validation in two ways: either to prohibit policy mapping or to require that each certificate in a path contain an acceptable policy identifier.

The policy constraints extension policy in Certificate Management System allows setting of the policy constraints extension as defined in its X.509 definition. The policy allows you to specify both the requireExplicitPolicy and inhibitPolicyMapping fields. The PKIX standard requires that, if present in a CA certificate, the extension must never consist of a null sequence. At least one of the two specified fields must be present. Before configuring the server to add the policy constraints extension to certificates, read the general guidelines provided in "policyConstraints" on page 353.

During installation, Certificate Management System automatically creates an instance of the policy constraints extension policy. See "PolicyConstraintsExt Rule" on page 225.

Configuration Parameters of PolicyConstraintsExt

In the CMS configuration file, the PolicyConstraintsExt module is identified as

ca.Policy.impl.PolicyConstraintsExt.class=com.netscape.certsrv.policy.PolicyConstraintsExt

In the CMS window, the module is identified as PolicyConstraintsExt. Figure 4-23 shows how the configurable parameters for the module are displayed in the CMS window.

222 Netscape Certificate Management System Plug-ins Guide • October 2001
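
The rule that the extension must carry at least one of requireExplicitPolicy and inhibitPolicyMapping, shown as an added example that is not part of the Netscape guide or of CMS code: a small DER encoder and parser for the extension value, following the RFC 2459 structure (a SEQUENCE of two optional INTEGERs with implicit context tags [0] and [1]). The function names are hypothetical, and only short-form DER lengths are handled.

```python
# Added example: DER codec for the PolicyConstraints extension value.
# Function names are hypothetical; only short-form DER lengths are handled.
FIELDS = {0x80: "requireExplicitPolicy", 0x81: "inhibitPolicyMapping"}

def _int_bytes(n):
    # Minimal big-endian two's-complement content octets for n >= 0.
    return n.to_bytes(n.bit_length() // 8 + 1, "big")

def encode_policy_constraints(require_explicit_policy=None, inhibit_policy_mapping=None):
    """Build the extension value; refuses to emit an empty SEQUENCE."""
    if require_explicit_policy is None and inhibit_policy_mapping is None:
        raise ValueError("at least one of the two fields must be present")
    body = b""
    # [0] and [1] are IMPLICIT context tags that replace the INTEGER tag.
    for tag, value in ((0x80, require_explicit_policy),
                       (0x81, inhibit_policy_mapping)):
        if value is None:
            continue
        if value < 0:
            raise ValueError("skip-certs count must be non-negative")
        content = _int_bytes(value)
        body += bytes([tag, len(content)]) + content
    if len(body) > 127:
        raise ValueError("value too large for short-form length")
    return bytes([0x30, len(body)]) + body

def parse_policy_constraints(der):
    """Decode the extension value; rejects the null (empty) sequence."""
    if len(der) < 2 or der[0] != 0x30 or der[1] > 127 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    fields, pos, last_tag = {}, 2, 0
    while pos < len(der):
        if pos + 2 > len(der):
            raise ValueError("truncated field")
        tag, length = der[pos], der[pos + 1]
        content = der[pos + 2:pos + 2 + length]
        # Fields are optional but must appear once each, in tag order.
        if tag not in FIELDS or tag <= last_tag:
            raise ValueError("unexpected, repeated or out-of-order field")
        if length == 0 or length > 127 or len(content) != length:
            raise ValueError("bad field length")
        value = int.from_bytes(content, "big", signed=True)
        if value < 0:
            raise ValueError("skip-certs count must be non-negative")
        fields[FIELDS[tag]] = value
        pos, last_tag = pos + 2 + length, tag
    if not fields:
        raise ValueError("PolicyConstraints must not be an empty SEQUENCE")
    return fields
```
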