Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 509


Chapter 11, Policies: Constraints-Specific Policy Module Reference

During installation, CMS automatically creates an instance of the validity constraints policy, named DefaultValidityRule, that is enabled by default. Table 11-14 describes the configuration parameters of the ValidityConstraints policy.

Table 11-14 ValidityConstraints Configuration Parameters

Parameter
    Description

enable
    Specifies whether the rule is enabled or disabled. Select to enable (default), deselect to disable.

predicate
    Specifies the predicate expression for this rule. If you want this rule to be applied to all certificate requests, leave the field blank (default). To form a predicate expression, see "Using Predicates in Policy Rules" on page 485.

minValidity
    Specifies the minimum validity period, in days, for certificates.

maxValidity
    Specifies the maximum validity period, in days, for certificates.

leadTime
    Specifies the lead time, in minutes, for certificates. For a certificate renewal request to pass the renewal validity constraints policy, the value of the notBefore attribute in the certificate request must not be more than the value of the leadTime parameter in the future, relative to the time when the policy rule is run.
    The notBefore attribute value specifies the date on which the certificate validity begins; validity dates through the year 2049 are encoded as UTCTime, and dates in 2050 or later are encoded as GeneralizedTime.

lagTime
    Specifies the lag time, in minutes, for certificates. For a certificate renewal request to pass the renewal validity constraints policy, the value of the notBefore attribute in the certificate request must not be more than the value of the lagTime parameter in the past, relative to the time when the policy is run.
    The notBefore attribute value specifies the date on which the certificate validity ends; validity dates through the year 2049 are encoded as UTCTime, and dates in 2050 or later are encoded as GeneralizedTime.

notBeforeSkew
    Specifies the number of minutes to subtract from the current time when creating the value for the certificate's notBefore attribute. It can help some clients with incorrectly set clocks use the new certificate after downloading. For example, if the certificate is issued at 11:30 a.m. and the clock setting of the client into which the certificate is downloaded is 11:20 a.m., the certificate cannot be used for 10 minutes. Setting the value of the beforeFix parameter to 10 minutes would adjust the value of the notBefore parameter to 11:20 a.m., thus making the certificate usable following the download.
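
An added example, not code from the manual or from CMS: a Python sketch of the checks Table 11-14 describes, covering the validity-period bounds, the leadTime/lagTime window around notBefore, the notBeforeSkew backdating, and the UTCTime/GeneralizedTime cutover. The class and function names and the sample values are assumptions, and the window checks are applied to every request here rather than only to renewals.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class ValidityConstraints:
    """Parameter names follow Table 11-14; this class itself is hypothetical."""
    min_validity: int     # days
    max_validity: int     # days
    lead_time: int        # minutes notBefore may lie in the future
    lag_time: int         # minutes notBefore may lie in the past
    not_before_skew: int  # minutes subtracted from "now" for a default notBefore

def default_not_before(now, rule):
    """Backdate notBefore so a client whose clock runs slow can use the cert at once."""
    return now - timedelta(minutes=rule.not_before_skew)

def check_request(not_before, not_after, now, rule):
    """Return the names of the violated parameters (empty list means the request passes)."""
    violations = []
    period = not_after - not_before
    if period < timedelta(days=rule.min_validity):
        violations.append("minValidity")
    if period > timedelta(days=rule.max_validity):
        violations.append("maxValidity")
    if not_before - now > timedelta(minutes=rule.lead_time):
        violations.append("leadTime")
    if now - not_before > timedelta(minutes=rule.lag_time):
        violations.append("lagTime")
    return violations

def time_encoding(moment):
    """ASN.1 type used for a validity date, per the cutover the table states."""
    return "UTCTime" if moment.year <= 2049 else "GeneralizedTime"

if __name__ == "__main__":
    # Constructed sample values, not CMS defaults.
    rule = ValidityConstraints(180, 730, 10, 10, 10)
    now = datetime(2024, 1, 1, 11, 30, tzinfo=timezone.utc)
    start = default_not_before(now, rule)              # 11:20, as in the manual's example
    print(start.time(), check_request(start, start + timedelta(days=365), now, rule))
    future = now + timedelta(minutes=30)               # postdated beyond leadTime
    print(check_request(future, future + timedelta(days=365), now, rule))
    print(time_encoding(datetime(2050, 1, 1, tzinfo=timezone.utc)))
```

In this model a notBeforeSkew larger than lagTime would make the backdated default notBefore fail the lagTime check, so the two values need to be chosen together.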
