Table of Contents
Advertisement
CertificatePoliciesExt Plug-in Module
•
The path length field (
that is determined by the path length set on the Basic Constraints extension in
the issuer's certificate.
For details on individual parameters defined in the rule, see Table 4-4 on page 146.
You need to review this rule and make the changes appropriate for your PKI setup.
For instructions, see section "Step 2. Modify Existing Policy Rules" in Chapter 18,
"Setting Up Policies" of CMS Installation and Setup Guide. For instructions on
adding additional instances, see section "Step 4. Add New Policy Rules" in the
same chapter.
CertificatePoliciesExt Plug-in Module
The
CertificatePoliciesExt
extension policy. This policy enables you to configure Certificate Management
System to add the Certificate Policies Extension defined in X.509 and PKIX standard
RFC 2459 (see
extension contains a sequence of one or more policy statements, each indicating the
policy under which the certificate has been issued and identifying the purposes for
which the certificate may be used. Presence of this extension in certificates enables
an application with specific policy requirements to compare its list of policies to the
ones contained in a certificate during its validation; typically, such applications
will have a list of policies (which they will accept) and compare the policies in the
certificate to their list as a part validating the certificate.
To promote interoperatability, the PKIX standard recommends that the policy
statements or information terms should be included in certificates in the form of
object identifiers (OIDs). For more information on OIDs, see Appendix B, "Object
Identifiers." This means, in order for the server to add this extension to any
certificate it issues, you need to compose policy statements you want to include in
the extension, define OIDs for these policy statements, and configure the server
with these OIDs.
When determining whether to add this extension to certificates, keep in mind that
if the extension exists in a certificate and if it is marked critical, the application
validating the certificate must be able to interpret the extension (including the
optional qualifiers, if any), or else it must reject the certificate. For general
guidelines on setting the certificate policies extension, see "certificatePolicies" on
page 342.
148
Netscape Certificate Management System Plug-Ins Guide • May 2002
maxPathLen
plug-in module implements the certificate policies
http://www.ietf.org/rfc/rfc2459.txt
) is left blank so that it defaults to a value
) in certificates. The
Advertisement
Table of Contents
