Configuration Parameters of SubjectKeyIdentifierExt - Netscape Management System 4.5 - Plug-in Manual


SubjectKeyIdentifierExt Plug-in Module
The subject key identifier extension policy in Certificate Management System
sets the subject key identifier extension as defined in X.509. It lets you
specify the method used to form the Key Identifier. By default, the policy
supports three methods for deriving the Key Identifier, all based on the PKIX
recommendations as defined in section 4.2.1.2. They are as follows:
- 20 byte (160 bit) SHA-1 hash of the BIT STRING of Subject Public Key.
- A type field value of 0100 followed by 60 least significant bits of the SHA-1
  hash of the Subject Public Key.
- 20 byte (160 bit) SHA-1 hash of the Subject Public Key Info. This is how
  Netscape Communicator generates a Key Identifier (but using this method is
  not required for compatibility with Communicator).
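The three default derivations listed above, worked through on a DER-encoded SubjectPublicKeyInfo. This is an added Python example, not code from the manual or the CMS SDK; the function names and the sample key bytes are constructed for illustration, and it assumes method 1 hashes the BIT STRING contents without the leading unused-bits octet.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def key_identifiers(spki_der):
    """Derive the three Key Identifier forms from a DER SubjectPublicKeyInfo."""
    tag, body, end = read_tlv(spki_der, 0)
    if tag != 0x30 or end != len(spki_der):
        raise ValueError("expected exactly one DER SEQUENCE")
    alg_tag, _alg, pos = read_tlv(body, 0)       # AlgorithmIdentifier
    key_tag, bits, pos = read_tlv(body, pos)     # subjectPublicKey BIT STRING
    if alg_tag != 0x30 or key_tag != 0x03 or pos != len(body):
        raise ValueError("not a SubjectPublicKeyInfo")
    if not bits or bits[0] != 0:
        raise ValueError("BIT STRING with unused bits is not handled")
    key_hash = hashlib.sha1(bits[1:]).digest()   # skip the unused-bits octet
    return {
        "key_sha1": key_hash,                                               # method 1
        "truncated": bytes([0x40 | (key_hash[12] & 0x0F)]) + key_hash[13:],  # method 2
        "spki_sha1": hashlib.sha1(spki_der).digest(),                       # method 3
    }

# Constructed sample: rsaEncryption AlgorithmIdentifier plus 16 placeholder
# bytes standing in for the key (not a real RSA key).
SAMPLE_KEY = bytes(range(16))
SAMPLE_ALG = bytes.fromhex("300d06092a864886f70d0101010500")
SAMPLE_BITS = b"\x03" + bytes([len(SAMPLE_KEY) + 1]) + b"\x00" + SAMPLE_KEY
SAMPLE_SPKI = b"\x30" + bytes([len(SAMPLE_ALG) + len(SAMPLE_BITS)]) + SAMPLE_ALG + SAMPLE_BITS

if __name__ == "__main__":
    for name, value in key_identifiers(SAMPLE_SPKI).items():
        print(f"{name:10} {value.hex()}")
```

Methods 1 and 3 always differ for the same key because method 3 also hashes the AlgorithmIdentifier and the DER framing, so a verifier comparing identifiers across CAs needs to know which method each issuer used.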
You can also customize the method for deriving the Key Identifier by subclassing
the policy and overriding the following method:
formKeyIdentifier(X509CertInfo certInfo, IRequest req)
For details, check the CMS SDK installed at this location:
<server_root>/cms_sdk/cms_jdk/javadocs
You may also want to check the CMS samples installed here:
<server_root>/cms_sdk/cms_jdk/samples/policies
If enabled, the policy adds a Subject Key Identifier Extension to an enrollment
request if the extension does not already exist. If the extension exists in the request,
for example from a CRMF request, the policy replaces the extension. In the case
of manual enrollments, after an agent approves the enrollment request, the policy
accepts any Subject Key Identifier Extension that is already there.
During installation, Certificate Management System automatically creates an
instance of the subject key identifier extension policy. See "SubjectKeyIdentifierExt
Rule" on page 246.
Configuration Parameters of SubjectKeyIdentifierExt
In the CMS configuration file, the SubjectKeyIdentifierExt module is identified as
<subsystem>.Policy.impl.SubjectKeyIdentifierExt.class=com.netscape.certsrv.policy.SubjectKeyIdentifierExt,
where <subsystem> is ca or ra (prefix identifying the subsystem).
244
Netscape Certificate Management System Plug-ins Guide • October 2001
