1. Manuals
  2. Brands
  3. Netscape Manuals
  4. Software
  5. NETSCAPE MANAGEMENT SYSTEM 6.01 - PLUG-IN
  6. Manual

Nscerttypeext Rule; Ocspnocheckext Plug-In Module - Netscape MANAGEMENT SYSTEM 6.01 - PLUG-IN Manual

Hide thumbs
Table of Contents

Advertisement

NSCertTypeExt Rule

The policy rule named
module. Certificate Management System automatically creates this rule during
installation. By default, the rule is configured as follows:
The rule is enabled.
The predicate expression is set so that the extension gets added to all
certificates except the ones issued to routers
(
The server sets the default bits if the bits are unspecified in the enrollment
form.
For details on individual parameters defined in the rule, see Table 4-20 on
page 216. You need to review this rule and make the changes appropriate for your
PKI setup. For instructions, see section "Step 2. Modify Existing Policy Rules" in
Chapter 18, "Setting Up Policies" of CMS Installation and Setup Guide. For
instructions on adding additional instances, see section "Step 4. Add New Policy
Rules" in the same chapter.

OCSPNoCheckExt Plug-in Module

The
OCSPNoCheckExt
policy. This policy enables you to configure Certificate Management System to add
the OCSP No Check Extension defined in X.509 and PKIX standard RFC 2560 (see
http://www.ietf.org/rfc/rfc2560.txt
should be used in OCSP responder certificates only, indicates how
OCSP-compliant applications can verify the revocation status of the certificate an
authorized OCSP responder uses to sign OCSP responses.
The online certificate status protocol (OCSP) enables OCSP-compliant applications
to determine the revocation status of a certificate being validated. Certificate
Management System supports the OCSP service—you can configure a Certificate
Manager to publish CRLs to an online validation authority, also called OCSP
responder (see Chapter 21, "Setting Up an OCSP Responder" of CMS Installation
and Setup Guide). If you configure Certificate Management System to work with an
OCSP responder, OCSP-compliant applications in your PKI setup will be able to do
real-time verification of certificates by querying the OCSP responder for their
revocation status. Note that these applications will be able to query the OCSP
NSCertTypeExt
predicate=HTTP_PARAMS.certType!=CEP-Request
plug-in module implements the OCSP no check extension
OCSPNoCheckExt Plug-in Module
is an instance of the
NSCertTypeExt
).
) to certificates. The extension, which
Chapter 4
Certificate Extension Plug-in Modules
217

Advertisement

Table of Contents
loading

Related Manuals for Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - PLUG-IN

Related Content for Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - PLUG-IN

This manual is also suitable for:

Certificate management system 6.01

Table of Contents