Table of Contents
Advertisement
Constraints-Specific Policy Module Reference
Table 11-3 AttributePresentConstraints Configuration Parameters (Continued)
Parameter
Description
Specifies the maximum number of connections permitted to the LDAP directory;
ldap.ldapconn.
when needed, connection pool can grow to this many (multiplexed) connections.
maxConns
Permissible values: 3 to 10; the default value is 5.
Specifies the LDAP attribute, the presence of which is to be checked in the
attribute
certificate-enrollment request. Permissible values: Valid directory attributes,
separated by commas; the default value is pin.
If this parameter is non-empty, the attribute value must match this value for the
value
request to proceed to the next stage.
DSAKeyConstraints
The
DSAKeyConstraints
•
The minimum and maximum sizes for keys
•
The sizes of exponents
The policy restricts the key size to one of the sizes, such as 512 or 1024, supported
by CMS.
You may apply this policy to end-entity certificate enrollment and renewal
requests. For example, if you want your CA to certify public keys up to 512 bits in
length for end users and 1024 for servers, you can configure CMS to do so using the
policy.
During installation, CMS automatically creates an instance of the DSA key
constraints policy, named
Table 11-4 describes the configuration parameters of the
policy.
Table 11-4 DSAKeyConstraints Configuration Parameters
Parameter
Description
Specifies whether the rule is enabled or disabled. Select to enable (default), deselect to
enable
disable.
Specifies the predicate expression for this rule. If you want this rule to be applied to
predicate
all certificate requests, leave the field blank (default). To form a predicate expression,
see "Using Predicates in Policy Rules" on page 483.
496
Netscape Certificate Management System Administrator's Guide • June 2003
plug-in module imposes constraints on the following:
, that is enabled by default.
DSAKeyRule
DSAKeyConstraints
Advertisement
Table of Contents
