What Is Policy - Netscape MANAGEMENT SYSTEM 6.0 Installation And Setup Manual
Hide thumbs
Also See for NETSCAPE MANAGEMENT SYSTEM 6.0:
- Manual (302 pages) ,
- Installation and migration manual (66 pages) ,
- Administrator's manual (470 pages)
Table of Contents
Advertisement
Introduction to Policy
What Is Policy?
Policy refers to a set of rules that Certificate Management System uses to evaluate
or verify an incoming request from an end entity and to determine the outcome;
the incoming requests that are governed by policies include certificate issuance,
certificate renewal, certificate revocation, key archival, and key recovery requests.
For example, in the case of a certificate issuance request, the outcome would be the
certificate content.
•
A Certificate Manager's policy can include rules for evaluating certificate
formulation, signing, renewal, and revocation requests. For example, you can
configure a Certificate Manager's policy to impose restrictions on validity
length, key type, key length, subject name, extensions, and signing algorithm
during certificate issuance.
•
A Registration Manager's policy can include rules for verifying incoming
certificate issuance, renewal, and revocation requests from end entities in order
to formulate the certificate content before forwarding the requests to a
Certificate Manager for signing. For example, you can configure a Registration
Manager's policy to impose restrictions on validity period, key length, subject
name, and extensions. In general, policies for Registration Manager are largely
the same as for Certificate Manager.
•
A Data Recovery Manager's policy can include rules for verifying users'
encryption private key archival and recovery requests.
Using policies, you can configure Certificate Management System to perform one
or more of the following operations on each certificate issuance or management
request it receives:
•
Screen the request for specific content, and modify, reject, or defer (for agent
approval) it accordingly. For example, the request might be checked for the
inclusion of organizational constraints, such as key algorithm, key size,
validity period, or a particular signing algorithm; if it did not meet the
requirement, the subsystem would modify the request or return an error,
depending on the severity of the problem.
•
Set common attributes, such as extensions for user and server certificate
requests.
560
Netscape Certificate Management System Installation and Setup Guide • March 2002
Advertisement
Table of Contents
Need help?
Do you have a question about the NETSCAPE MANAGEMENT SYSTEM 6.0 and is the answer not in the manual?
Questions and answers