Table of Contents
Advertisement
PolicyConstraintsExt Plug-in Module
PolicyConstraintsExt Plug-in Module
The
plug-in module implements the policy constraints
PolicyConstraintsExt
extension policy. This policy enables you to configure Certificate Management
System to add the Policy Constraints Extension defined in X.509 and PKIX standard
RFC 2459 (see
) to certificates. The
http://www.ietf.org/rfc/rfc2459.txt
extension, which can be used in CA certificates only, constrains path validation in
two ways—either to prohibit policy mapping or to require that each certificate in a
path contain an acceptable policy identifier.
The policy constraints extension policy in Certificate Management System allows
setting of the policy constraints extension as defined in its X.509 definition. The
and
policy allows you to specify both,
requireExplicitPolicy
fields. PKIX standard requires that, if present in a CA
inhibitPolicyMapping
certificate, the extension must never consist of a null sequence. At least one of the
two specified fields must be present. Before configuring the server to add the
policy constraints extension to certificates, read the general guidelines provided in
"policyConstraints" on page 352.
During installation, Certificate Management System automatically creates an
instance of the policy constraints extension policy. See "PolicyConstraintsExt Rule"
on page 224.
Configuration Parameters of
PolicyConstraintsExt
In the CMS configuration file, the
module is identified as
PolicyConstraintsExt
ca.Policy.impl.PolicyConstraintsExt.class=com.netscape.cms.
.
policy.PolicyConstraintsExt
In the CMS window, the module is identified as
. Figure
PolicyConstraintsExt
4-23 shows how the configurable parameters for the module are displayed in the
CMS window.
Chapter 4
Certificate Extension Plug-in Modules
221
Advertisement
Table of Contents
