SigningAlgRule Rule; SubCANameConstraints Plug-in Module - Netscape MANAGEMENT SYSTEM 6.0 - PLUG-IN Manual

SigningAlgRule Rule

The rule named SigningAlgRule is an instance of the SigningAlgorithmConstraints module. Certificate Management System automatically creates this rule during installation. By default, the rule is configured as follows:

The rule is enabled.
The predicate expression is left blank so that the rule is applied to all certificate enrollment and renewal requests processed by the server.
The signature algorithms allowed are MD5 with RSA, MD2 with RSA, and SHA-1 with RSA (algorithms=MD5withRSA,MD2withRSA,SHA1withRSA).

For details on individual parameters defined in the rule, see Table 3-10 on page 113. You need to review this rule and make the changes appropriate for your PKI setup. For instructions, see section "Step 2. Modify Existing Policy Rules" in Chapter 18, "Setting Up Policies" of CMS Installation and Setup Guide. For instructions on adding additional instances, see section "Step 4. Add New Policy Rules" in the same chapter.

SubCANameConstraints Plug-in Module

The SubCANameConstraints plug-in module implements the subordinate CA name constraints policy. This policy restricts a CA from issuing a subordinate CA certificate that has the same issuer name as that of the CA itself—that is, the policy prevents a situation where the signing certificates of a CA and its subordinate CA have identical issuer names.

This policy must be turned on if you're planning to issue subordinate CA certificates. The reason for this is that, whenever the Certificate Manager issues a certificate, it stores the related information in its internal database; see Chapter 12, "Setting Up Internal Database" of CMS Installation and Setup Guide. If the CA issues a subordinate CA certificate with an issuer DN that matches its own issuer DN, the internal database will not function properly.

You may apply this policy to CA certificate enrollment and renewal requests. During installation, Certificate Management System automatically creates an instance of the subordinate CA name constraints policy. See "SubCANameConstraints Rule" on page 116.

114
Netscape Certificate Management System Plug-Ins Guide • March 2002
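
The allow-list check that SigningAlgRule describes, as an added example that is not code from Certificate Management System: it reads the outer signatureAlgorithm OID of a DER-encoded certificate and tests it against the rule's algorithms= value. The OID-to-name table, the function names and the two sample byte strings (constructed skeletons with a stub tbsCertificate, not real certificates) are assumptions of this example.

```python
# PKCS #1 signature OIDs mapped to the Java-style names used in algorithms=.
OID_TO_NAME = {
    "1.2.840.113549.1.1.2": "MD2withRSA",
    "1.2.840.113549.1.1.4": "MD5withRSA",
    "1.2.840.113549.1.1.5": "SHA1withRSA",
    "1.2.840.113549.1.1.11": "SHA256withRSA",
}
# Constructed samples: SEQUENCE { stub tbsCertificate, AlgorithmIdentifier, BIT STRING }.
SAMPLE_MD5 = bytes.fromhex("3018 3003020101 300d06092a864886f70d0101040500 03020000")
SAMPLE_SHA256 = bytes.fromhex("3018 3003020101 300d06092a864886f70d01010b0500 03020000")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode the content bytes of an OBJECT IDENTIFIER to dotted form."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)   # base-128, high bit marks continuation
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)           # first two arcs share one sub-identifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signature_algorithm(cert_der):
    """Name (or dotted OID if unknown) of the certificate's outer signatureAlgorithm."""
    _, pos, _ = read_tlv(cert_der, 0)       # enter Certificate SEQUENCE
    _, _, pos = read_tlv(cert_der, pos)     # skip tbsCertificate
    _, pos, _ = read_tlv(cert_der, pos)     # enter AlgorithmIdentifier SEQUENCE
    tag, start, end = read_tlv(cert_der, pos)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    oid = decode_oid(cert_der[start:end])
    return OID_TO_NAME.get(oid, oid)

def allowed_by_rule(cert_der, rule_line):
    """True if the certificate's algorithm appears in the rule's algorithms= list."""
    allowed = {a.strip() for a in rule_line.split("=", 1)[1].split(",")}
    return signature_algorithm(cert_der) in allowed
```

MD2, MD5 and SHA-1 are all deprecated for certificate signatures today, so the same function can be used to inventory certificates that were issued under the default rule.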
