Policy; Crls; Publishing - Netscape MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR Administrator's Manual

Features
enabled for use. A dynamically generated HTML form for the certificate profile is
used in the end-entity interface for enrollment which triggers this certificate
profile. The server will verify that the defaults and constraints set in the certificate
profile are met before acting on the request, and will use the certificate profile to
determine the content of the issued certificate. You can create additional Certificate
Profile plug-in modules using the CMS SDK. See Chapter 10, "Certificate Profiles"
for complete details.

Policy

The policy feature of CMS allows you to set policies about certificate issuance,
renewal, and revocation. You set policies that either define what is possible, for
example the possible values of for the expiration date, and extensions that are used
in a particular type of certificate. A set of prebuilt policies is available for you to
enable and configure. You can create additional Policy plug-in modules using the
CMS SDK. See Chapter 11, "Policies" for complete details.

CRLs

CMS is capable of creating certificate revocation lists. This configurable framework
allows you to define issuing points so a CRL can be created for each issuing point
defined. You can issue CRLs for each type of certificate you issue, or for a specific
subset of a type of certificate you issue. You can also configure the extensions used
in the CRLs, and set up the frequency and intervals that CRLs are published. Delta
CRLs can also be created for any issuing point that is defined.
The Certificate Manager can issue X.509 v1 or v2 CRLs. A CRL can be
automatically updated whenever a certificate is revoked or at specified intervals.
See Chapter 14, "Revocation and CRLs" for complete details.

Publishing

The publishing feature allows you to publish certificates to files and an LDAP
directory, and CRLs to files, LDAP directory, and an OCSP responder. The
publishing framework provides a robust set of tools that allow you to publish to all
three methods, and enables you to create rules that allow you to define a finer
granularity of which types of certificates or CRLs are published where. You can
enable and configure the default publishing modules, or you can create additional
publishing plug-in modules using the CMS SDK. See Chapter 15, "Publishing" for
complete details.
36 Netscape Certificate Management System Administrator's Guide • June 2003