Netscape MANAGEMENT SYSTEM 6.0 - PLUG-IN Manual page 143

The configuration shown in Figure 4-3 creates a policy rule named
AuthKeyIDExtForCACert
authority key identifier extension in all CA certificates.
Table 4-3 gives details about each of these parameters.
Description of parameters defined in the AuthorityKeyIdentifierExt module
Table 4-3
Parameter Description
Specifies whether the rule is enabled or disabled. Check the box to enable the rule
enable
(default). Uncheck the box to disable the rule.
• If you enable the rule and set the remaining parameters correctly, the server adds
• If you disable the rule, the server does not add the extension to certificates; it
Specifies the predicate expression for this rule. If you want this rule to be applied to
predicate
all certificate requests, leave the field blank (default). To form a predicate expression,
see section "Using Predicates in Policy Rules" in Chapter 18, "Setting Up Policies" of
CMS Installation and Setup Guide.
Example: HTTP_PARAMS.certType==ca
Specifies whether the extension should be marked critical or noncritical in certificates
critical
specified by the predicate parameter. Check the box if you want the server to mark
the extension critical. Uncheck the box if you want the server to mark the extension
noncritical (default).
Specifies what should be done if the CA certificate does not have a Subject Key
AltKeyIdType
Identifier extension.
Permissible values: SpkiSHA1 or None.
• Select SpkiSHA1 if you want the server to use a SHA-1 hash of the CA's subject
• Select None if you don't want the server to set the authority key identifier
Example: SpkiSHA1
, which enforces a rule that the server should set the
the authority key identifier extension to certificates specified by the predicate
parameter.
ignores the values in the remaining fields.
public key information (default).
extension in certificates.
AuthorityKeyIdentifierExt Plug-in Module
Chapter 4 Certificate Extension Plug-in Modules 143