Table of Contents
Advertisement
Table 11-6 KeyAlgorithmConstraints Configuration Parameters (Continued)
Parameter
Description
Specifies the key type the server should certify. The default is RSA.
algorithms
Permissible values: RSA or RSA.
RenewalConstraints
The
RenewalConstraints
expired certificates—it allows or restricts the server from renewing expired
certificates. You may apply this policy to end-entity certificate renewal requests.
During installation, CMS automatically creates an instance of the renewal
constraints policy, named
Table 11-7 describes the configuration parameters of the
policy.
Table 11-7 RenewalConstraints Configuration Parameters
Parameter
enable
predicate
allowExpiredCerts
renewalNotAfter
RenewalValidityConstraints
The
RenewalValidityConstraints
content in the renewed certificate based on the currently issued certificate.
plug-in module imposes constraints on renewal of
RenewalConstraintsRule
Description
Specifies whether the rule is enabled or disabled. Select to enable the rule
(default). Deselect to disable the rule.
Specifies the predicate expression for this rule. If you want this rule to be applied
to all certificate requests, leave the field blank (default). To form a predicate
expression, see "Using Predicates in Policy Rules" on page 485.
Specifies whether to allow or prevent renewal of expired certificates. Select if you
want the server to renew expired certificates (default). Deselect if you don't want
the server to renew expired certificates.
Specifies how long, in days, after the expiration of a certificate can it be renewed.
The default value is 30 days. If you leave the field blank, the server will renew all
expired certificates that are submitted for renewal.
Constraints-Specific Policy Module Reference
, that is enabled by default.
RenewalConstraints
plug-in module governs the formulation of
Chapter 11
Policies
501
Advertisement
Table of Contents
