•
The server is configured to set
in Registration Manager signing certificates. Notice that the key-usage bits
specified in the default policy rule match the bits specified in the enrollment
form (
ManRAEnroll.html
certificates (see Figure 4-14).
Figure 4-14
Key usage bit-specific variables in the Registration Manager enrollment form
ServerCertKeyUsageExt Rule
The policy rule named
module. This rule is for setting the appropriate key-usage bits in SSL server
certificates. By default, the rule is configured as follows:
•
The rule is enabled.
•
The predicate expression (
rule is applied only to SSL server certificate requests.
•
The extension is marked noncritical (to comply with the PKIX
recommendation).
•
The server is configured to set
keyEncipherment
Notice that the key-usage bits specified in the default policy rule match the bits
specified in the enrollment form (
server certificates (see Figure 4-15).
digitalSignature
) for requesting Registration Manager signing
ServerCertKeyUsageExt
HTTP_PARAMS.certType==server
digitalSignature
, and
dataEncipherment
ManServerEnroll.html
Chapter 4
KeyUsageExt Plug-in Module
and
nonRepudiation
is an instance of the
) ensures that the
,
nonRepudiation
bits in SSL server certificates.
) for requesting SSL
Certificate Extension Plug-in Modules
bits
KeyUsageExt
,
195