Uniquesubjectnameconstraints - Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual

Constraints-Specific Policy Module Reference
During installation, CMS automatically creates an instance of the subordinate CA
name constraints policy, named
default.
Table 11-12 describes the configuration parameters of the
policy.
Table 11-12 SubCANameConstraints Configuration Parameters
Parameter Description
Specifies whether the rule is enabled or disabled. Select to enable, deselect to disable
enable
(default).
Specifies the predicate expression for this rule. If you want this rule to be applied to
predicate
all certificate requests, leave the field blank (default). To form a predicate expression,
see "Using Predicates in Policy Rules" on page 485.

UniqueSubjectNameConstraints

The
UniqueSubjectNameConstraints
issuing multiple certificates with same subject names. Optionally, you can also
configure the server to allow multiple certificates with the same subject name if the
key usages are different. Note that key usages for certificates are usually specified
by the key usage extension and CMS allows you to add this extension to certificates
using the key usage extension policy explained in "KeyUsageExt" on page 535.
You may apply the unique subject name constraints policy to end-entity certificate
enrollment and renewal requests. For example, if you want to prevent your users
from requesting multiple certificates with same subject names, you can configure
the server accordingly using the policy. Alternatively, if you want to allow your
users to own multiple certificates, each for a different use, all having the same
subject name, you can do so easily using the
parameter defined in this policy. This parameter makes the server check whether
the key usages specified in the certificate request being processed is different than
those specified in the existing certificates that have the same subject names and
accordingly issue or deny the certificate. Keep in mind that the server can check for
key usages only if the key usage extension bits are set in the certificate request
being processed as well as in the existing certificates that have the same subject
names.
During installation, CMS automatically creates an instance of the unique subject
name constraints policy, named
by default.
506 Netscape Certificate Management System Administrator's Guide • February 2003
SubCANameConstraints
plug-in module restricts the server from
enableKeyUsageExtensionChecking
UniqueSubjectNameConstraints
, that is enabled by
SubCANameConstraints
, that is disabled