Table of Contents
Advertisement
Extension-Specific Policy Module Reference
Extension-Specific Policy Module Reference
To enable you to add standard and private extensions to end-entity certificates,
CMS provides a set of policy plug-in modules; each module enables you to add a
particular extension to a certificate request.
When deciding whether to add any of the X.509 v3 certificate extensions, keep in
mind that not all applications support X.509 v3 extensions. Among the applications
that do support extensions, not all applications will recognize every extension.
You can use these modules to configure a Certificate Manager and Registration
Manager to add extensions to certificates. Both subsystems add extensions to a
certificate request when it undergoes policy processing. Keep in mind that the
changes made to a request by a Registration Manager may be overwritten by a
Certificate Manager when it subjects the request to its own policy checks.
In general, you should make custom extensions noncritical if you want your
certificates supported by other applications. (Other applications most likely will
not understand your extension.)
By default, only noncritical extensions are added to certificates. This ensures that
the resulting certificates can be used with all clients. If you add a critical extension,
the resulting certificate can only be used by clients that support that extension.
Additionally, the server also provides a module for adding any custom, ASN.1
type extensions. If you determine that the default policy modules do not meet your
requirements entirely, you can develop a custom module using CMS SDK.
AuthInfoAccessExt
The
AuthInfoAccessExt
Information Access Extension. The extension specifies how an application validating
a certificate can access information, such as on-line validation services and CA
policy statements, about the CA that has issued the certificate. Note that this
extension should not be used to point directly to the CRL location maintained by a
CA; the CRL Distribution Points extension explained in
"CRLDistributionPointsExt" on page 522 allows you to reference to CRL locations.
For general information about this extension, see "authorityInfoAccess" on
page 723.
During installation, CMS automatically creates an instance of the authority
information access extension policy, named
by default.
510
Netscape Certificate Management System Administrator's Guide • February 2003
plug-in module enables you to add the Authority
AuthInfoAccessExt
, that is disabled
Advertisement
Table of Contents
