Configuring Policy Rules For A Subsystem; Modifying Policy Rules - Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual

Assume you named the instance
period to 60 days, set the minimum validity period to 10 days, defined the
predicate expression as
HTTP_PARAMS.orgunit!=Sales
applied to only client certificate requests from users who are not in the
organizational unit named Sales.)
A sample of the resulting configuration entries in the CMS configuration file
would be as follows:
ca.Policy.rule.ValidityRule2.enable=true
ca.Policy.rule.ValidityRule2.implName=ValidityConstraints
ca.Policy.rule.ValidityRule2.maxValidity=60
ca.Policy.rule.ValidityRule2.minValidity=10
ca.Policy.rule.ValidityRule2.predicate=HTTP_PARAMS.certType==
The new configuration would result in certificates with a validity period of six
months for users in the Sales organizational unit and a validity period of three
months for users in the Manufacturing unit.

Configuring Policy Rules for a Subsystem

You can configure the main subsystems of CMS (CMS)—the Certificate Manager,
Registration Manager, and Data Recovery Manager—to apply certain
organizational policies on end entities' certificate enrollment, renewal, and
revocation requests before servicing them. This section explains how to configure a
subsystem to evaluate end-entity requests based on a set of policy rules.

Modifying Policy Rules

To modify existing policy rules:
Log in to the CMS window (see "Logging Into the CMS Console" on page 247).
1.
Select the Configuration tab.
2.
In the navigation tree, select the subsystem to which the policy rule you want
3.
to modify belongs.
Select Policies.
4.
The Policy Rules Management tab appears. It lists configured policy rules.
HTTP_PARAMS.certType==client AND
client AND HTTP_PARAMS.orgunit!=Sales
Configuring Policy Rules for a Subsystem
, set the maximum validity
ValidityRule1
. (This expression specifies that the policy be
Chapter 11 Policies 491