Table of Contents
Advertisement
RenewalValidityConstraints Plug-in Module
•
The server allows renewal of expired certificates within 30 days, starting from
the date they expire.
For details on individual parameters defined in the rule, see Table 3-6 on page 101.
You need to review this rule and make the changes appropriate for your PKI setup.
For instructions, see section "Step 2. Modify Existing Policy Rules" in Chapter 18,
"Setting Up Policies" of CMS Installation and Setup Guide. For instructions on
adding additional instances, see section "Step 4. Add New Policy Rules" in the
same chapter.
RenewalValidityConstraints Plug-in Module
The
RenewalValidityConstraints
validity constraints policy. This policy governs the formulation of content in the
renewed certificate based on the currently issued certificate.
Every certificate issued by Certificate Management System is valid for a limited
duration, which is determined by the validity period specified in the validity
constraints policy (see "ValidityConstraints Plug-in Module" on page 120) at the
time the certificate is issued. In order to continue to participate in the PKI-using
system beyond this validity period, the entity owning the certificate must renew
the certificate; the new certificate generally contains a new validity time period and
some updated attributes.
To eliminate administrative overhead of monitoring certificate validity periods and
reminding users to renew their certificates, Certificate Management System
provides a schedulable job that can detect any to-be-expired certificates and
automatically remind users to renew their certificates. For details about this job, see
"RenewalNotificationJob Plug-in Module" on page 65.
The renewal validity constraints policy enables you to enforce certain restrictions
on certificate-renewal requests, when end entities attempt to renew their
certificates. You can specify restrictions on the following:
•
The number of days before expiration that end entities can renew their
currently active or valid certificates. For example, if you want to prevent end
entities from renewing their certificates any earlier than 15 days before
expiration, you can configure the server accordingly using the policy.
•
The validity period of the renewed certificate. For example, if you want the
validity period of all renewed certificates to be a minimum of 180 days, you
can configure the server accordingly using the policy. Note that the renewal
period starts from the ending period in the certificate presented for renewal.
102
Netscape Certificate Management System Plug-Ins Guide • May 2002
plug-in module implements the renewal
Advertisement
Table of Contents
