Table of Contents
Advertisement
Signing Algorithm Default
This default populates a signing algorithm in the certificate request. This default
presents an agent with the possible algorithms that can be used for signing the
certificate in a list that the agent can select from.
You can define the following constraints with this default:
•
Signing Algorithm Constraint, see "Signing Algorithm Constraint," on page
478.
•
No Constraints, see "No Constraint," on page 477.
Table 10-14 Signing Algorithm Default Configuration Parameters
Parameter
signingAlgsAllowed
signingAlg
Subject Alternative Name Extension Default
This default populates a subject alternative name extension in the certificate
request. The extension enables you to bind additional identities—such as Internet
electronic mail address, a DNS name, an IP address, and a uniform resource
indicator (URI)—to the subject of the certificate.
For general information about this extension, see "subjectAltName" on page 732.
The standard suggests that if the certificate subject field contains an empty
sequence, then the subject alternative name extension must contain the subject's
alternative name and that the extension be marked critical.
If you're using any of the directory-based authentication methods, you can
configure CMS to retrieve values for any string and byte attributes from the
directory and set them in the certificate request during authentication—you specify
these attributes by entering them in the
ldapByteAttributes
Description
Specify the signing algorithms that can be used for
signing this certificate. You can specify any or all of the
following:
MD2withRSA,MD5withRSA,SHA1withRSA
Specify the default signing algorithm to be used to
create this certificate. An agent can override this value
by specifying one of the values contained in the
signingAlgsAllowed parameter.
ldapStringAttributes
fields defined in the automated enrollment modules.
Defaults Reference
and
Chapter 10
Certificate Profiles
467
Advertisement
Table of Contents
