Table of Contents
Advertisement
Table 11-34 OCSPNoCheckExt Configuration Parameters (Continued)
Parameter
Description
Select to mark critical, deselect to mark noncritical (default).
critical
PolicyConstraintsExt
The
Constraints Extension to certificates. The extension, which can be used in CA
certificates only, constrains path validation in two ways—either to prohibit policy
mapping or to require that each certificate in a path contain an acceptable policy
identifier. The policy allows you to specify both,
inhibitPolicyMapping
certificate, the extension must never consist of a null sequence. At least one of the
two specified fields must be present.
For general information about this extension, see "policyConstraints" on page 731.
During installation, CMS automatically creates an instance of the policy constraints
extension policy, named
Table 11-35 PolicyConstraintsExt Configuration Parameters
Parameter
Description
Specifies whether the rule is enabled or disabled. Select to enable, deselect to disable.
enable
Specifies the predicate expression for this rule. If you want this rule to be applied to
predicate
all certificate requests, leave the field blank (default). To form a predicate expression,
see"Using Predicates in Policy Rules," on page 485.
Select to mark critical, deselect to mark noncritical (default).
critical
PolicyConstraintsExt
fields. PKIX standard requires that, if present in a CA
PolicyConstraintsExt
plug-in module enables you to add the Policy
requireExplicitPolicy
, that is disabled by default.
Extension-Specific Policy Module Reference
Chapter 11
and
Policies
553
Advertisement
Table of Contents
