Table of Contents
Advertisement
Extension-Specific Policy Module Reference
Because the renewal process requires end users to remember when their certificates
expire and renew them before the expiry date, some clients provide built-in
support for automated renewal. Inclusion of the certificate renewal window
extension in certificates is useful in a PKI setup with such clients.
Unlike some of the other policy modules, CMS does not create an instance of the
certificate renewal window extension policy during installation. If you want the
server to add this extension to certificates, you must create an instance of the
CertificateRenewalWindowExt
Table 11-19 CertificateRenewalWindowExt Configuration Parameters
Parameter
enable
predicate
critical
relativeBeginTime
518
Netscape Certificate Management System Administrator's Guide • February 2003
Description
Specifies whether the rule is enabled or disabled. Select to enable, deselect to
disable.
Specifies the predicate expression for this rule. If you want this rule to be applied
to all certificate requests, leave the field blank (default). To form a predicate
expression, see "Using Predicates in Policy Rules" on page 485.
Specifies whether the extension should be marked critical or noncritical. Select to
mark critical, deselect to mark noncritical (default).
Specifies the first time automatic renewal of certificate that contains the extension
should be attempted.
Permissible values: 0 or n.
• 0 specifies that the renewal window begins at the same time the certificate is
issued; the beginTime field of the extension will be set to the time of
certificate issuance.
• n specifies a future time for certificate renewal; the beginTime field of the
extension will be set to the specified time since certificate issuance. You can
specify the time period in seconds, minutes, hours, days, or months. Use the
following suffixes to indicate the time unit.
s - seconds
m - minutes
h - hours
D - days
M - months
For example, if you're issuing certificates with a validity period of two years
and want the renewal window to begin a month before the certificates expire,
and want to specify the interval in months, you would enter 23M in this field.
To specify the same validity interval in seconds, you would set the value to
59616000s (23 months x 30 days x 24 hours x 60 minutes x 60 seconds).
Example: 23M
module and configure it.
Advertisement
Table of Contents
Related Manuals for Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR
Related Products for Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - CUSTOMIZATION GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - PLUG-IN