Table of Contents
Advertisement
Defaults Reference
Table 10-7 Key Usage Extension Default Configuration Parameters (Continued)
Parameter
decipherOnly
Name Constraints Extension Default
This default populates a name constraint extension in the certificate request. The
extension is used in CA certificates to indicate a name space within which subject
names or subject alternative names in subsequent certificates in a certification path
or chain should be located.
For general information about this extension, see "nameConstraints" on page 730.
You can define the following constraints with this default:
•
Extension Constraint, see "Extension Constraint," on page 475.
•
No Constraints, see "No Constraint," on page 477.
This default allows you to define 5 locations for both the permitted subtree and the
excluded subtree and specify parameters for each of these location. The parameters
are marked with an
with one of the five possible locations.
Table 10-8 Name Constraints Extension Default Configuration Parameters
Parameter
critical
permittedSubtrees
<n>.
min
458
Netscape Certificate Management System Administrator's Guide • February 2003
Description
Specifies whether to set the extension if the public key is to be
used only for deciphering data. If this bit is set, keyAgreement
should also be set. Select true to set, select false to not set.
in the table to distinguish that the parameter is associated
<n>
Description
Select true to mark this extension critical; select false to mark the
extension noncritical.
Specifies the minimum number of permitted subtrees.
• -1 specifies that the field should not be set in the extension.
• 0 specifies that the minimum number of subtrees is zero.
• n must be an integer that is greater than zero. It specifies at
the most n subtrees are allowed.
Advertisement
Table of Contents
Need help?
Do you have a question about the NETSCAPE MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR and is the answer not in the manual?