Table of Contents
Advertisement
Table 3-1 lists constraints-specific policy modules that are installed with a
Certificate Manager. An installation of a Registration Manager also includes all
these modules, expect for the ones noted below:
•
IssuerConstraints
•
SubCANameConstraints
•
UniqueSubjectNameConstraints
Note that the name of the Java class for a policy plug-in module is in this format:
com.netscape.cms.policy.<plugin_name>
where
for the
com.netscape.cms.policy.AttributePresentConstraints
You can use whichever modules you need in order to define policy rules for a
Certificate Manager or Registration Manager. Note that no modules are provided
for the Data Recovery Manager. Both Certificate Manager and Registration
Manager subject a request to policy checking as explained in section "Policy
Processor" in Chapter 18, "Setting Up Policies" of CMS Installation and Setup Guide.
Keep in mind that the changes made to a request by a Registration Manager may
be overwritten by a Certificate Manager when it subjects the request to its own
policy checks.
Table 3-1
Default constraints-specific policy plug-in modules
Plug-in module name
AttributePresentConstraints
DSAKeyConstraints
IssuerConstraints
KeyAlgorithmConstraints
RenewalConstraints
is the name of a plug-in module. For example, the Java class
<plugin_name>
AttributePresentConstraints
Function
Rejects a request if an LDAP attribute is not present in the enrolling
user's directory entry or if the attribute does not have a specified
value. For details, see "AttributePresentConstraints Plug-in
Module" on page 86.
Certifies only those DSA keys that have specific key lengths. For
details, see "DSAKeyConstraints Plug-in Module" on page 91.
Checks for certificates that have been issued by a particular CA.
For details, see "IssuerConstraints Plug-in Module" on page 94.
Certifies only those keys that are generated using one of the
permitted algorithms, such as RSA or DSA. For details, see
"KeyAlgorithmConstraints Plug-in Module" on page 97.
Allows or rejects requests for renewal of expired certificates. For
details, see "RenewalConstraints Plug-in Module" on page 99.
Overview of Constraints-Specific Policy Modules
module would be:
Chapter 3
Constraints Policy Plug-in Modules
85
Advertisement
Table of Contents
Related Manuals for Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - PLUG-IN
Related Products for Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - CUSTOMIZATION GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - PLUG-IN