Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 520

Extension-Specific Policy Module Reference
The SSL protocol provides a way for a client application to authenticate itself to a
web site or server. SSL client authentication occurs upon request of the server, and
proceeds by providing a certificate and a signature to the server. The client may
have more than one certificate that could be used to perform this authentication.
The SSL protocol provides a way for the server to indicate which certificate may be
useful by listing issuing CAs in one of the SSL protocol messages.

By using a particular certificate for SSL client authentication, the client releases
information about itself to the server. This information may include the name and
key information contained in the certificate. It also releases the information that the
client holds a certificate from a particular CA. This information may be of interest
to the company running the server, for example to find users that have certificates
from competing companies.

The certificate scope of use extension can be included in certificates to restrict the
scope-of-use of the certificate for client authentication; the extension enables the
certificate-using application to restrict the release of individual certificates to web
sites requesting SSL client authentication.

The certificate scope of use extension policy in CMS enables you to include a list of
name patterns that will match server DNS names where the certificate may be
used. It's up to the certificate-using applications to use the values in this extension
to filter the list of potential certificates to use for client authentication.
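
The client-side filtering described above, as an added example (not code from CMS or from this manual). It assumes shell-style wildcard patterns and that a certificate without the extension is unrestricted; the names ClientCert, in_scope and candidates and all certificate records are hypothetical.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional, Tuple


@dataclass(frozen=True)
class ClientCert:
    subject: str
    issuer: str
    # Name patterns from the scope of use extension; None = extension absent.
    scope_patterns: Optional[Tuple[str, ...]] = None


def in_scope(cert, server_dns_name):
    """True if the certificate may be released to this server."""
    if cert.scope_patterns is None:
        return True  # assumption: no extension means no restriction
    # DNS names compare case-insensitively; drop a trailing root dot.
    host = server_dns_name.rstrip(".").lower()
    # Assumption: shell-style wildcards, where "*" may span several labels.
    # An extension with an empty pattern list matches nothing (fail closed).
    return any(fnmatchcase(host, p.lower()) for p in cert.scope_patterns)


def candidates(certs, server_dns_name, acceptable_issuers):
    """Certificates the client may offer for SSL client authentication.

    acceptable_issuers is the CA list the server sent; an empty list
    places no restriction on the issuer.
    """
    return [
        c for c in certs
        if (not acceptable_issuers or c.issuer in acceptable_issuers)
        and in_scope(c, server_dns_name)
    ]


# Constructed sample certificate store (not real certificates).
CERTS = [
    ClientCert("CN=alice (partner portal)", "CN=Example Corp CA",
               ("*.partner.example.com",)),
    ClientCert("CN=alice (intranet)", "CN=Example Corp CA",
               ("intranet.example.com", "*.corp.example.com")),
    ClientCert("CN=alice (general)", "CN=Public CA"),
]

if __name__ == "__main__":
    for host in ("portal.partner.example.com", "shop.example.net"):
        print(host, [c.subject for c in candidates(CERTS, host, set())])
```

With this filter in place, a server outside every listed pattern never learns that the client holds the scoped certificates or which CA issued them.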

Unlike some of the other policy modules, CMS does not create an instance of the
certificate scope of use extension policy during installation. If you want the server
to add this extension to certificates, you must create an instance of the
CertificateScopeOfUseExt module and configure it.

Table 11-20 CertificateScopeOfUseExt Configuration Parameters

Parameter    Description
enable       Specifies whether the rule is enabled or disabled. Select to enable, deselect to disable.
predicate    Specifies the predicate expression for this rule. If you want this rule to be applied to all certificate requests, leave the field blank (default). To form a predicate expression, see "Using Predicates in Policy Rules" on page 485.
critical     Specifies whether the extension should be marked critical or noncritical. Select to mark critical, deselect to mark noncritical (default).

Netscape Certificate Management System Administrator's Guide • February 2003
