KeyUsageExt Plug-in Module

Figure 4-15 Key usage bit-specific variables in the SSL server certificate enrollment form

ClientCertKeyUsageExt Rule

The policy rule named ClientCertKeyUsageExt is an instance of the KeyUsageExt
module. This rule is for setting the appropriate key-usage bits in SSL client
certificates. By default, the rule is configured as follows:
• The rule is enabled.
• The predicate expression (HTTP_PARAMS.certType==client) ensures that the
rule is applied only to SSL client certificate requests.
• The extension is marked noncritical (to comply with the PKIX
recommendation).
• The server is configured to set digitalSignature, nonRepudiation, and
keyEncipherment key-usage bits in SSL client certificates.

Notice that the key-usage bits specified in the default policy rule match the bits
specified in the enrollment form for requesting SSL client certificates. Figure 4-16
shows the default directory-based enrollment form for end users with the
information related to the key usage extension variables highlighted—it shows
three of the total number of variables listed in Table 4-14 on page 187. Note that by
default three key-usage bits—digitalSignature, nonRepudiation, and
keyEncipherment—are enabled and the remaining bits are disabled.

196 Netscape Certificate Management System Plug-Ins Guide • March 2002
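The following is an added example, not part of the Netscape guide or of Certificate Management System itself: a Python check that decodes the DER BIT STRING carried in a certificate's key usage extension and reports any deviation from the default ClientCertKeyUsageExt settings described above. The bit positions are those of RFC 5280; the function names and the two sample encodings are constructed for illustration.

```python
# Added example: audit a KeyUsage extension value against the rule's defaults.
KEY_USAGE_BITS = [  # bit positions as defined in RFC 5280, section 4.2.1.3
    "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
    "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly",
]
# Default ClientCertKeyUsageExt configuration as described on this page.
EXPECTED_BITS = {"digitalSignature", "nonRepudiation", "keyEncipherment"}
EXPECTED_CRITICAL = False


def decode_key_usage(ext_value: bytes) -> set:
    """Decode the DER BIT STRING inside a KeyUsage extension value."""
    if len(ext_value) < 3 or ext_value[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = ext_value[1]
    if length >= 0x80 or length != len(ext_value) - 2:
        raise ValueError("unexpected BIT STRING length")
    unused, payload = ext_value[2], ext_value[3:]
    if unused > 7 or (not payload and unused):
        raise ValueError("invalid unused-bits count")
    if payload and payload[-1] & ((1 << unused) - 1):
        raise ValueError("unused bits must be zero in DER")
    total_bits = len(payload) * 8 - unused
    if total_bits > len(KEY_USAGE_BITS):
        raise ValueError("more bits than KeyUsage defines")
    # Bit 0 is the most significant bit of the first payload byte.
    return {KEY_USAGE_BITS[i] for i in range(total_bits)
            if payload[i // 8] & (0x80 >> (i % 8))}


def audit_client_cert_key_usage(ext_value: bytes, critical: bool) -> list:
    """Return the deviations from the rule's default settings (empty if none)."""
    bits = decode_key_usage(ext_value)
    findings = [f"unexpected bit set: {n}" for n in sorted(bits - EXPECTED_BITS)]
    findings += [f"expected bit missing: {n}" for n in sorted(EXPECTED_BITS - bits)]
    if critical != EXPECTED_CRITICAL:
        findings.append("criticality differs from the rule default (noncritical)")
    return findings


# Constructed samples: 03 02 05 E0 encodes exactly the three default bits;
# 03 02 02 A4 encodes digitalSignature, keyEncipherment and keyCertSign.
GOOD = bytes.fromhex("030205e0")
BAD = bytes.fromhex("030202a4")
```

An empty list from audit_client_cert_key_usage means the extension matches the defaults; a certificate issued under a customized rule will legitimately differ, so adjust EXPECTED_BITS to the deployed configuration.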