Table of Contents
Advertisement
Table 11-9 RevocationConstraints Configuration Parameters (Continued)
Parameter
predicate
allowExpiredCerts
RSAKeyConstraints
The
RSAKeyConstraints
•
The minimum and maximum sizes for keys
•
The exponent sizes
The policy restricts the key size to one of the sizes supported by CMS—512, 1024,
2048, or 4096. In other words, the policy allows you to set up restrictions on the
lengths of public keys certified by CMS.
You may apply this policy to end-entity certificate enrollment and renewal
requests. For example, if you want your CA to certify public keys up to 1024 bits in
length for end users, you can configure the server accordingly using the policy.
During installation, CMS automatically creates an instance of the RSA key
constraints polic, named
Table 11-10 describes the configuration parameters of the
policy.
Table 11-10 RSAKeyConstraints Configuration Parameters
Parameter
Description
Specifies whether the rule is enabled or disabled. Select to enable the rule (default).
enable
Deselect to disable the rule.
Specifies the predicate expression for this rule. If you want this rule to be applied to
predicate
all certificate requests, leave the field blank (default). To form a predicate expression,
see "Using Predicates in Policy Rules" on page 485.
Description
Specifies the predicate expression for this rule. If you want this rule to be applied
to all certificate requests, leave the field blank (default). To form a predicate
expression, see "Using Predicates in Policy Rules" on page 485.
Specifies whether to allow or prevent revocation of expired certificates. Select if
you want the server to revoke expired certificates (default). Deselect if you don't
want the server to revoke expired certificates.
plug-in module imposes constraints on the following:
RSAKeyRule
Constraints-Specific Policy Module Reference
, that is disabled by default.
RSAKeyConstraints
Chapter 11
Policies
503
Advertisement
Table of Contents
