Configuring Certificate Profiles - Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual

Configuring a Registration Manager
enrollment request is processed, it is evaluated against all policies that are
applicable to this type of request. Any policy that has no predicate is evaluated
against all certificate requests. Those with predicates are evaluated against
certificates requests that match the predicate value of the policy. The predicate
value can be a certificate type, like a CA certificate or an SSL signing certificate, in
which case, all requests for that type of certificate are evaluated by the policy. The
predicate value can be some other evaluator that can be matched in the request.
You can use hidden values in the request form to match predicate values.
When using the policy feature for enrollment, you must take care to associate a
form with all of the policies you want to be evaluated for this certificate request.
Some of the policies can be configured to collect other information about an end
entity from an LDAP directory and place that information in the certificate. A
default set of policies is created. Some of these are enabled and some are disabled.
You need to configure the policy feature by configuring the existing policies,
deleting unwanted policies, and creating needed policies that are not created by
default.
For detailed information, see Chapter 11, "Policies."
If you set up and enable policies in the Registration Manager, you must be careful
how you set up policies in the Certificate Manager that issues certificates for this
Registration Manager. Requests sent by the Registration Manager will be evaluated
by the policies set up in the Certificate Manager.

Configuring Certificate Profiles

The certificate profile feature uses instances of certificate profile plug-ins that can
be configured to issue a type of certificate. The certificate profile contains defaults
that specify the contents and the value of that content for this type of certificate,
constraints that constrain the content of this type of certificate, associate the
certificate profile with a set up authentication method, and define the contents of
the enrollment page and the output page when an automated authentication
method is used.
The default instances of certificate profiles are for particular types of certificates
including a CA certificate, SSL server certificate, end-entity certificate, and so on.
Each certificate profile is associated with the certificate profile form in the end
entity interface that lists all of the available certificate profiles. The end entity
chooses the certificate profile when submitting the request. You can customize this
form. Any enabled certificate profiles will appear as links on this form. Those links
take the user to a dynamically created HTML page that is generated based on the
inputs set in the certificate profile.
Chapter 4 Registration Manager 159