1. Manuals
  2. Brands
  3. Netscape Manuals
  4. Software
  5. NETSCAPE MANAGEMENT SYSTEM 4.5 - PLUG-IN
  6. Manual

Dsakeyrule Rule; Issuerconstraints Plug-In Module - Netscape MANAGEMENT SYSTEM 4.5 - PLUG-IN Manual

Hide thumbs
Table of Contents

Advertisement

IssuerConstraints Plug-in Module

DSAKeyRule Rule

The rule named
Certificate Management System automatically creates this rule during installation.
By default, the rule is configured as follows:
The rule is enabled.
The predicate expression is left blank so that the rule is applied to all certificate
enrollment and renewal requests processed by the server.
The minimum key size permitted for certificates is 512 bits (
The maximum key size permitted for certificates is 1024 bits (
The exponents allowed are 3, 7, 17, and 65537 (
For details on individual parameters defined in the rule, see Table 3-3 on page 95.
You need to review this rule and make the changes appropriate for your PKI setup.
For instructions, see section "Step 2. Modify Existing Policy Rules" in Chapter 18,
"Setting Up Policies" of CMS Installation and Setup Guide. For instructions on
adding additional instances, see section "Step 4. Add New Policy Rules" in the
same chapter.
IssuerConstraints Plug-in Module
The
IssuerConstraints
The policy enables you to effectively deploy certificate-based enrollment explained
in "Certificate-Based Enrollment" on page 52.
The policy enables the Certificate Manager to authenticate an end user by checking
the issuer DN of the CA that has issued the certificate the user presents as an
enrollment token during enrollment. Note that in the current implementation, the
CA that issues the new certificates must be the same as the one that has issued the
certificates used for SSL client authentication; that is, the issuer DN in the
authentication certificate must match the issuer DN specified in the policy
configuration.
During installation, Certificate Management System automatically creates an
instance of the issuer constraints policy. See "IssuerRule Rule" on page 98. The
server also provides appropriate enrollment forms for the three certificate-based
enrollment scenarios explained above; see "Enrollment Forms" on page 55.
96
Netscape Certificate Management System Plug-ins Guide • October 2001
is an instance of the
DSAKeyRule
plug-in module implements the issuer constraints policy.
DSAKeyConstraints
minSize=512
maxSize=1024
exponents=3,7,17,65537
module.
).
).
).

Advertisement

Table of Contents
loading

Related Manuals for Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - PLUG-IN

Related Content for Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - PLUG-IN

This manual is also suitable for:

Netscape management system 4.5

Table of Contents