Netscape MANAGEMENT SYSTEM 6.01 - PLUG-IN Manual page 113

Table 3-10 Description of parameters defined in the SigningAlgorithmConstraints module
Parameter Description
Specifies whether the rule is enabled or disabled. Check the box to enable the rule
enable
(default). Uncheck the box to disable the rule.
• If you enable the rule and set the remaining parameters correctly, the server uses
• If you disable the rule, the server uses the default algorithm specified for the
Specifies the predicate expression for this rule. If you want the rule to be applied to all
predicate
certificate requests, leave the field blank (default). To form a predicate expression, see
section "Using Predicates in Policy Rules" in Chapter 18, "Setting Up Policies" of
CMS Installation and Setup Guide.
Example: HTTP_PARAMS.certType==client
Specifies the signature algorithm the server should use to sign certificates.
algorithms
Permissible values: Depends on the CA's signing key type (the key type you chose for
the Certificate Manager's CA signing certificate).
• If the key type is RSA, select one of the following:
• If the key type is DSA, select SHA1withDSA.
Example: MD5withRSA
the configured algorithms to sign certificates specified by the predicate
parameter.
Certificate Manager; see Certificate Manager's "General Settings" tab in the CMS
window.
- MD2withRSA,MD5withRSA,SHA1withRSA
- MD2withRSA,MD5withRSA
- MD2withRSA,SHA1withRSA
- MD5withRSA,SHA1withRSA
- MD2withRSA
- MD5withRSA
- SHA1withRSA
The default value is MD2withRSA,MD5withRSA,SHA1withRSA.
SigningAlgorithmConstraints Plug-in Module
Chapter 3 Constraints Policy Plug-in Modules 113