Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 432

About Certificate Profiles
For example, you could set up a certificate profile for user certificates that defines
all aspects of that certificate including the validity period of the issued certificate.
You can set a default that defines the default validity period as two years. You
would also set up a constraint that the validity period for certificates issued from
requests submitted to this certificate profile cannot exceed two years. When a user
sends a request using the input form associated with this certificate profile, the
certificate issued will contain the information specified in the defaults set up and
will be valid for two years. If a user submits a pre formatted request that requests a
certificate with a validity period of four years, the request will be rejected since the
constraints allow a maximum of two years validity period for this type of
certificate.
A set of certificate profiles have been pre built for the most common types of
certificates issued. The pre built certificate profiles define defaults and constraints
commonly associated with this type of certificate, associate the authentication
method common for this type of enrollment, and define the needed inputs and
outputs for the certificate profile.
You can use these pre built certificate profiles, you can modify any or all of these by
changing the authentication method, the defaults, the constraints used in each
policy, the values assigned to any of the parameters in a policy, or the input and
output. You can also create other certificate profiles either for other types of
certificates, or for creating more than one certificate profile for a type of certificate.
You might create more than one certificate profile for a particular type of certificate
when you want to issue the same type of certificate with either a different
authentication method or different definitions for the defaults and constraints. For
example, you might create two certificate profiles used for enrollment for SSL
Server certificates where one certificate profile issues certificates with a validity
period of six months and another certificate profile issues certificates with a
validity period of two years.
A set of defaults and constraints have been pre built for the most commonly used
certificate content and constraints. You can set up additional defaults and
constraints using the CMS SDK.
An input specifies how the enrollment page should be presented, and what inputs
should be gathered from the end-entities. You can use inputs to add text fields to
the enrollment page so that additional information can be gathered and used for
the enrollment. The input values are used as values in the certificate. A set of inputs
have been created allowing you to create an enrollment form containing the fields
needed for most certificate profiles you will create. The pre built inputs are not
configurable in CMS; you can change them using the CMS SDK. For some options,
or for some content you may want to collect, you may need to create additional
432 Netscape Certificate Management System Administrator's Guide • February 2003