Netscape MANAGEMENT SYSTEM 6.2 - AGENT GUIDE Manual page 30

About Certificate Profiles
For example, a certificate profile could be set up for user certificates that defines all
aspects of that certificate including the validity period of the issued certificate. A
default can be set up that defines the validity period as two years. A constraint can
be set up so that the validity period for certificates issued from requests submitted
to this certificate profile cannot exceed two years. When a user sends a request
using the input page associated with this certificate profile, the certificate issued
will contain the information specified in the defaults set up and will be valid for
two years. If a user submits a pre formatted request that requests a certificate with
a validity period of four years, the request will be rejected since the constraints
allow a maximum of two years validity period for this type of certificate.
A set of certificate profiles have been pre built for the most common types of
certificates issued. The pre built certificate profiles define defaults and constraints
commonly associated with this type of certificate, associate the authentication
method common for this type of enrollment, and define the needed inputs and
outputs for the certificate profile.
An administrator can use these pre built certificate profiles, modify any or all of
these by changing the authentication method, the defaults, the constraints used in
each policy, the values assigned to any of the parameters in a policy, or the input
and output. They can also create other certificate profiles either for other types of
certificates, or for creating more than one certificate profile for a type of certificate.
They might create more than one certificate profile for a particular type of
certificate when they want to issue the same type of certificate with either a
different authentication method or different definitions for the defaults and
constraints. For example, an administrator might create two certificate profiles
used for enrollment for SSL Server certificates where one certificate profile issues
certificates with a validity period of six months and another certificate profile
issues certificates with a validity period of two years.
A set of defaults and constraints have been pre built for the most commonly used
certificate content and constraints. An administrator can set up additional defaults
and constraints using the CMS SDK.
An input specifies how the enrollment page should be presented. An administrator
can use inputs to add text fields to the enrollment page so that additional
information can be gathered and used for the enrollment. The input values are
used as values in the certificate. A set of inputs have been created allowing
administrators to create an enrollment form containing the fields needed for most
certificate profiles you will create. The inputs provide a certificate request field that
can be added to any of the forms so that certificate requests can be pasted into this
field, allowing a request to be created outside the input form with any of the
request information you need.
30 Netscape Certificate Management System Agent's Guide • June 2003