Table of Contents
Advertisement
Table 3-12 Description of parameters defined in the UniqueSubjectNameConstraints module (Continued)
Parameter
Description
Specifies whether the request must be checked for the subject name uniqueness on
enablePreAgent
submission by the user, before the request gets queued for agent approval.
ApprovalChecki
ng
• Check the box if you want the server to check the certificate request for the subject
• Uncheck the box if you want the server to check the certificate request for the
Specifies whether the certificate request must be checked for the Key Usage extension.
enableKeyUsage
Note that the policy can check the certificate request for the Key Usage extension only
ExtensionCheck
if you uncheck (disable) the enablePreAgentApprovalChecking parameter. The
ing
reason for this is that, extensions are set on the request after agent approval, so this
checking can be done after an agent approves the request.
• Check the box if you want the server to check the certificate request for the Key
• Uncheck the box if you don't want the server to check the certificate request for
name uniqueness as soon as the user submits it.
subject name uniqueness after agent approval; that is, you want the policy to be
applied to the request after an agent approves the request. You should choose this
option if you want the server to check the Key Usage extension (see
"KeyUsageExt Plug-in Module" on page 186) before determining whether to issue
the certificate.
Usage extension. If you check the box, the server checks its internal database for
certificates that have the same subject name as the one specified in the request. For
each certificate that has the matching subject name, the server compares the Key
Usage extension of the certificate to the one specified in the request. If the server
finds a certificate that has the same subject name and Key Usage extension, it
rejects request. Otherwise, the server approves the request. (This choice is suitable
if you want to have multiple certificates with same subject names but for different
purposes, such as signing and encrypting. If key-usage comparison is to be done,
be sure to specify that this policy is to be applied after the Key Usage extension
policy; see section "Step 5. Reorder Policy Rules" in Chapter 18, "Setting Up
Policies" of CMS Installation and Setup Guide.)
the Key Usage extension. If you uncheck the box, the server does not compare the
Key Usage extension in the request with the ones set in the existing certificates
that have the same subject name; it simply rejects requests with same subject
names.
UniqueSubjectNameConstraints Plug-in Module
Chapter 3
Constraints Policy Plug-in Modules
119
Advertisement
Table of Contents
Related Manuals for Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - PLUG-IN
Related Products for Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - CUSTOMIZATION GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - PLUG-IN