Table of Contents
Advertisement
Extension-Specific Policy Module Reference
CertificatePoliciesExt
The
Policies Extension in certificates. The extension contains a sequence of one or more
policy statements, each indicating the policy under which the certificate has been
issued and identifying the purposes for which the certificate may be used. Presence
of this extension in certificates enables an application with specific policy
requirements to compare its list of policies to the ones contained in a certificate
during its validation; typically, such applications will have a list of policies (which
they will accept) and compare the policies in the certificate to their list as a part
validating the certificate.
For general information about this extension, see "certificatePolicies" on page 725.
During installation, CMS automatically creates an instance of the certificate policies
extension policy, named
Table 11-18 CertificatePoliciesExt Configuration Parameters
Parameter
enable
predicate
critical
policyId
516
Netscape Certificate Management System Administrator's Guide • February 2003
CertificatePoliciesExt
CertificatePoliciesExt
Description
Specifies whether the rule is enabled or disabled. Select to enable, deselect to
disable.
Specifies the predicate expression for this rule. If you want this rule to be applied to
all certificate requests, leave the field blank (default). To form a predicate
expression, see "Using Predicates in Policy Rules" on page 485.
Specifies whether the extension should be marked critical or noncritical. Select to
mark critical, deselect to mark noncritical (default).
Specifies the OID assigned to the policy statement you want to include in the
extension. If you specify a valid OID, the server includes the OID in the extension.
The policyId, if specified, identifies by number a particular textual statement
prepared by your organization (which is specified by the parameter named
organizationName, listed next in this table). For example, it might identify the
organization as Example Corporation and notice number 1.2.3.4.5.6.99.
Typically, applications validating the certificate will have a notice file containing
the current set of notices for your company; these application will interpret the
number in the certificate by extracting the notice text that corresponds to the
number from the file and display it to the relying party.
Permissible values: A unique, valid OID specified in dot-separated numeric
component notation (see the example). Although you can invent your own OIDs
for the purposes of evaluating and testing this server, in a production environment,
you should comply with the ISO rules for defining OIDs and for registering
Appendix H, "Object Identifiers"
subtrees of IDs. See
allocating private OIDs.
plug-in module enables you to add the Certificate
, that is disabled by default.
for information on
Advertisement
Table of Contents
