Table of Contents
Advertisement
Constraints-Specific Policy Module Reference
The renewal validity constraints policy enables you to enforce certain restrictions
on certificate-renewal requests, when end entities attempt to renew their
certificates.
During installation, CMS automatically creates an instance of the renewal validity
constraints policy, named
default.
Table 11-8 describes the configuration parameters of the
RenewalValidityConstraints
Table 11-8 RenewalValidityConstraints Configuration Parameters
Parameter
enable
predicate
minValidity
maxValidity
renewalInterval
RevocationConstraints
The
RevocationConstraints
of expired certificates—it allows or restricts the server from revoking expired
certificates. You may apply this policy to end-entity certificate revocation requests.
During installation, CMS automatically creates an instance of the revocation
constraints policy, named
default.
Table 11-9 describes the configuration parameters of the
policy.
Table 11-9 RevocationConstraints Configuration Parameters
Parameter
enable
502
Netscape Certificate Management System Administrator's Guide • February 2003
Description
Specifies whether the rule is enabled or disabled. Select to enable (default), deselect
to disable.
Specifies the predicate expression for this rule. If you want this rule to be applied to
all certificate requests, leave the field blank (default). To form a predicate
expression, see "Using Predicates in Policy Rules" on page 485.
Specifies the minimum validity period, in days, for renewed certificates.
Specifies the maximum validity period, in days, for renewed certificates.
Specifies how many days before its expiration that a certificate can be renewed.
Description
Specifies whether the rule is enabled or disabled. Select to enable (default),
deselect to disable.
DefaultRenewalValidityRule
policy.
plug-in module imposes constraints on revocation
RevocationConstraintsRule
, that is enabled by
, that is enabled by
RevocationConstraints
Advertisement
Table of Contents
