Before you continue, you might want to try accessing the new installation from
another computer and with a different login. Try enrolling for user certificates from
there, using both the SSL and non-SSL end-user gateways. If you wish, you can
also enroll for additional agent certificates. You will have to return to the computer
from which you requested and imported your CMSAdmin and User1 certificates to
access the Agent Services pages and approve the requests.
Create a Policy
Policies are rules that you define that are applied to requests before a certificate is
issued. Certificate Management System provides configurable policies that allow
you to enforce your organization's requirements for certificates. You can configure
different policies to be applied to different requests based on criteria such as the
type of request or which Registration Manager or Certificate Manager received the
request. You can find out more about policies in Chapter 18, "Setting Up Policies."
In a real PKI deployment, you would probably formulate your policies before
installing any software, and configure how the policies will be implemented before
issuing any certificates. For this demonstration, you will implement a simple but
very useful rule before you start issuing certificates.
You will create a policy that requires all certificate requests to use RSA key pairs
that are 1024 bits or longer. This ensures that all of the certificates you issue meet a
minimum level of security. Later, you will try to enroll for a certificate using a
shorter-length key pair (512 bits) to show how the request is rejected automatically
by the policy.
Policies do not always result in acceptance or rejection: they can also be used to
modify certificate attributes such as the validity period or certificate extensions. In
the "Create a Policy" exercise, you create a policy that will reject requests that do
not have at least 1024-bit keys. In the "Use an LDAP Directory" exercise, you will
try to enroll using a 512-bit key to see how the policy works.
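The check behind such a key-length rule amounts to measuring the RSA modulus in the
request's public key and comparing it with the minimum. The Python below is an added
example, not Certificate Management System code: the function names are hypothetical,
and the sample keys are constructed in place rather than taken from real requests.

```python
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)

def der(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos, want):
    """Return (content, next_pos) of the TLV at pos; raise on a wrong tag."""
    if buf[pos] != want:
        raise ValueError("unexpected tag 0x%02x" % buf[pos])
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length octets
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + n], pos + n

def make_spki(modulus, exponent=65537):
    """Build a constructed RSA SubjectPublicKeyInfo for the demo (not a real key)."""
    enc = lambda v: der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
    key = der(0x30, enc(modulus) + enc(exponent))
    alg = der(0x30, der(0x06, RSA_OID) + der(0x05, b""))
    return der(0x30, alg + der(0x03, b"\x00" + key))

def rsa_modulus_bits(spki):
    """Bit length of the RSA modulus inside a DER SubjectPublicKeyInfo."""
    outer, _ = read_tlv(spki, 0, 0x30)
    alg, pos = read_tlv(outer, 0, 0x30)
    if read_tlv(alg, 0, 0x06)[0] != RSA_OID:
        raise ValueError("not an RSA key")
    bits, _ = read_tlv(outer, pos, 0x03)
    key, _ = read_tlv(bits[1:], 0, 0x30)  # skip the unused-bits octet
    modulus, _ = read_tlv(key, 0, 0x02)
    # Count bits of the integer, not bytes * 8: DER adds a 0x00 sign byte.
    return int.from_bytes(modulus, "big").bit_length()

def check_request(spki, min_bits=1024):
    """Return (accepted, reason), the accept/reject outcome the policy produces."""
    try:
        bits = rsa_modulus_bits(spki)
    except (ValueError, IndexError) as exc:
        return False, "rejected: unparsable key (%s)" % exc
    if bits < min_bits:
        return False, "rejected: %d-bit RSA key, minimum is %d" % (bits, min_bits)
    return True, "accepted: %d-bit RSA key" % bits
```

A 1024-bit modulus occupies 129 content bytes in DER because of the leading sign
byte, so a check that multiplies the byte count by 8 would report 1032 bits.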
Configuring an RSA Key Length Policy
1. Start Netscape Console:
   On a Windows NT system, click Start, then choose Programs, then
   Netscape Server Family, then Netscape Console 4.2.
   On a UNIX system, open a command shell, change to the directory
   /usr/netscape/server4, and execute the file startconsole.