Table of Contents
Advertisement
KeyUsageExt Plug-in Module
•
The server is configured to set
keyCertsign
key-usage bits specified in the default policy rule match the bits specified in the
enrollment form (
(see Figure 4-13).
Figure 4-13
RMCertKeyUsageExt Rule
The policy rule named
module. This rule is for setting the appropriate key-usage bits in Registration
Managers' signing certificates; see section "Signing Key Pair and Certificate" in
Chapter 14, "Managing CMS Keys and Certificates" of CMS Installation and Setup
Guide. By default, the rule is configured as follows:
•
The rule is enabled.
•
The predicate expression (
is applied only to Registration Manager signing certificate requests.
•
The extension is marked noncritical (to comply with the PKIX
recommendation).
194
Netscape Certificate Management System Plug-Ins Guide • March 2002
, and
bits in CA signing certificates. Notice that the
cRLSign
ManCAEnroll.html
Key usage bit-specific variables in the Certificate Manager enrollment form
RMCertKeyUsageExt
HTTP_PARAMS.certType==ra
,
digitalSignature
nonRepudiation
) for requesting CA signing certificates
is an instance of the
,
KeyUsageExt
) ensures that the rule
Advertisement
Table of Contents
