UniqueSubjectNameConstraints Rule; ValidityConstraints Plug-in Module - Netscape MANAGEMENT SYSTEM 6.01 - PLUG-IN Manual

UniqueSubjectNameConstraints Rule

The rule named UniqueSubjectNameConstraints is an instance of the UniqueSubjectNameConstraints module. Certificate Management System automatically creates this rule during installation. By default, the rule is configured as follows:
- The rule is disabled; for the rule to be effective, it must be enabled and configured appropriately.
- The certificate requests are checked for subject name uniqueness after agents process the requests for approval, if you're using manual enrollment and deferred requests.
- The certificate requests are checked for the Key Usage extension.
- The predicate expression is left blank so that the rule is applied to all certificate enrollment and renewal requests processed by the server.

For details on individual parameters defined in the rule, see Table 3-12 on page 118. You need to review this rule and make the changes appropriate for your PKI setup. For instructions, see section "Step 2. Modify Existing Policy Rules" in Chapter 18, "Setting Up Policies" of CMS Installation and Setup Guide. For instructions on adding additional instances, see section "Step 4. Add New Policy Rules" in the same chapter.

ValidityConstraints Plug-in Module

The ValidityConstraints plug-in module implements the validity constraints policy. This policy enforces minimum and maximum validity periods for certificates and changes them if the policy is not met. Specifically, the policy imposes constraints on the following:
- The duration of a certificate's validity period (based on supported minimum and maximum validity periods).
- The lead and lag time for the beginning date and time (the notBefore and notAfter attributes in certificate requests) for the validity period; that is, how far forward or back the notBefore date could go, in minutes.

If this policy rule is enabled, the server applies the rule to the certificate request being processed, and then determines if the validity period in the request is acceptable. The rule checks two X.509 attributes of the certificate, the notBefore and notAfter time, which together indicate the total validity life of a certificate, to make sure that they conform to the configured ranges.

Netscape Certificate Management System Plug-Ins Guide • May 2002
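The validity checks described above, as an added example that is not taken from the Netscape guide or from the CMS code: it moves an out-of-range notBefore to the nearest permitted time, then clamps the duration, and records each change. The limit names and values, the function name, and the adjust-and-record behaviour are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

# Assumed limits for this example only; not the plug-in's parameter names or defaults.
MIN_VALIDITY = timedelta(days=180)
MAX_VALIDITY = timedelta(days=730)
LEAD_TIME = timedelta(minutes=10)  # how far after "now" notBefore may start
LAG_TIME = timedelta(minutes=10)   # how far before "now" notBefore may start


def apply_validity_constraints(not_before, not_after, now):
    """Enforce the limits on a requested validity window.

    Returns (not_before, not_after, findings). findings lists every change made,
    so an agent or audit log can see what the requester originally asked for.
    """
    for value in (not_before, not_after, now):
        if value.tzinfo is None:
            raise ValueError("use timezone-aware datetimes; X.509 validity is UTC")
    findings = []

    # 1. notBefore must fall inside [now - lag, now + lead].
    earliest, latest = now - LAG_TIME, now + LEAD_TIME
    if not_before < earliest:
        findings.append(f"notBefore {not_before.isoformat()} is backdated; moved forward")
        not_before = earliest
    elif not_before > latest:
        findings.append(f"notBefore {not_before.isoformat()} is future-dated; moved back")
        not_before = latest

    # 2. Duration is measured from the (possibly moved) notBefore.
    #    An inverted window (notAfter before notBefore) has a negative duration
    #    and is handled by the minimum-validity branch.
    duration = not_after - not_before
    if duration < MIN_VALIDITY:
        findings.append(f"validity {duration} below minimum; notAfter extended")
        not_after = not_before + MIN_VALIDITY
    elif duration > MAX_VALIDITY:
        findings.append(f"validity {duration} above maximum; notAfter shortened")
        not_after = not_before + MAX_VALIDITY
    return not_before, not_after, findings


if __name__ == "__main__":
    now = datetime(2002, 5, 1, 12, 0, tzinfo=timezone.utc)  # constructed sample time
    # Constructed request: backdated 30 days and asking for roughly ten years.
    nb, na, notes = apply_validity_constraints(
        now - timedelta(days=30), now + timedelta(days=3650), now)
    print(nb, na, *notes, sep="\n")
```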
