Table of Contents
Advertisement
Table 11-17 BasicConstraintsExt Configuration Parameters (Continued)
Parameter
Description
Specifies the predicate expression for this rule. If you want this rule to be applied to
predicate
all certificate requests, leave the field blank (default). To form a predicate expression,
see "Using Predicates in Policy Rules" on page 485.
Specifies whether the extension should be marked critical or noncritical. Select to
critical
mark critical (default), deselect to mark noncritical.
Specifies whether the certificate subject is a CA. If you select the option, the server
isCA
checks the maxPathLen parameter and sets the specified path length in the
certificate. If you deselect the option, the server treats the certificate subject as a
non-CA and ignores the value specified for the maxPathLen parameter.
Specifies the path length, the maximum number of CA certificates that may be
maxPathLen
chained below (subordinate to) the subordinate CA certificate being issued. Note that
the path length you specify affects the number of CA certificates to be used during
certificate validation. The chain starts with the end-entity certificate being validated
and moving up the chain.
The maxPathLen parameter has no effect if the extension is set in end-entity
certificates.
Permissible values: 0 or n. Make sure that the value you choose is less than the path
length specified in the Basic Constraints extension of the CA signing certificate
(owned by the CA that will issue these certificates).
• 0 specifies that no subordinate CA certificates are allowed below the subordinate
• n must be an integer greater than zero. It specifies at the most n subordinate CA
• If you leave the field blank, the path length defaults to a value that is determined
CA certificate being issued—that is, only an end-entity certificate may follow in
the path.
certificates are allowed below the subordinate CA certificate being used.
by the path length set on the Basic Constraints extension in the issuer's certificate.
If the issuer's path length is unlimited, the path length in the subordinate CA
certificate will also be unlimited. If the issuer's path length is an integer greater
than zero, the path length in the subordinate CA certificate will be set to a value
that's one less than the issuer's path length; for example, if the issuer's path length
is 4, the path length in the subordinate CA certificate will be set to 3.
Extension-Specific Policy Module Reference
Chapter 11
Policies
515
Advertisement
Table of Contents
Related Manuals for Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR
Related Products for Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - CUSTOMIZATION GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - PLUG-IN