Netscape MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR Administrator's Manual page 505


Chapter 11 Policies
Constraints-Specific Policy Module Reference

Table 11-13 describes the configuration parameters of the UniqueSubjectNameConstraints policy.

Table 11-13 UniqueSubjectNameConstraints Configuration Parameters

Parameter: enable
Description: Specifies whether the rule is enabled or disabled. Select to enable, deselect to disable (default).

Parameter: predicate
Description: Specifies the predicate expression for this rule. If you want this rule to be applied to all certificate requests, leave the field blank (default). To form a predicate expression, see "Using Predicates in Policy Rules" on page 483.

Parameter: enablePreAgentApprovalChecking
Description: Specifies whether the request must be checked for the subject name uniqueness on submission by the user, before the request gets queued for agent approval.
• Select if you want the server to check the certificate request for the subject name uniqueness as soon as the user submits it.
• Deselect if you want the server to check the certificate request for the subject name uniqueness after agent approval; that is, you want the policy to be applied to the request after an agent approves the request. You should choose this option if you want the server to check the Key Usage extension (see "KeyUsageExt" on page 533) before determining whether to issue the certificate.

Parameter: enableKeyUsageExtensionChecking
Description: Specifies whether the certificate request must be checked for the Key Usage extension. Note that the policy can check the certificate request for the Key Usage extension only if you deselect the enablePreAgentApprovalChecking parameter. The reason for this is that extensions are set on the request after agent approval, so this checking can be done after an agent approves the request.
• Select if you want the server to check the certificate request for the Key Usage extension. If you select, the server checks its internal database for certificates that have the same subject name as the one specified in the request. For each certificate that has the matching subject name, the server compares the Key Usage extension of the certificate to the one specified in the request. If the server finds a certificate that has the same subject name and Key Usage extension, it rejects the request. Otherwise, the server approves the request. (This choice is suitable if you want to have multiple certificates with the same subject names but for different purposes, such as signing and encrypting.) If key-usage comparison is to be done, be sure to specify that this policy is to be applied after the Key Usage extension policy.
• Deselect if you don't want the server to check the certificate request for the Key Usage extension. If you deselect, the server does not compare the Key Usage extension in the request with the ones set in the existing certificates that have the same subject name; it simply rejects requests with the same subject names.
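The accept/reject decision that the two checking parameters in Table 11-13 produce, modelled in Python as an added example; it is not Certificate Management System code. The `Cert` and `evaluate` names, the exact-string subject comparison, and the sample certificates are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable

@dataclass(frozen=True)
class Cert:
    subject: str               # subject name; compared as an exact string (assumption)
    key_usage: FrozenSet[str]  # Key Usage bits, e.g. {"digitalSignature"}

def evaluate(request: Cert, issued: Iterable[Cert], *,
             pre_agent: bool, key_usage_check: bool) -> str:
    """Return "accept" or "reject" for `request` as Table 11-13 describes the rule."""
    if pre_agent and key_usage_check:
        # Table 11-13: extensions are set after agent approval, so the Key Usage
        # comparison needs enablePreAgentApprovalChecking deselected. The page does
        # not say what the server does otherwise; this model refuses the combination.
        raise ValueError("Key Usage checking requires post-approval evaluation")
    for cert in issued:
        if cert.subject != request.subject:
            continue
        if not key_usage_check:
            return "reject"    # same subject name alone is enough to reject
        if cert.key_usage == request.key_usage:
            return "reject"    # same subject name and same Key Usage extension
    return "accept"

# Constructed sample data: one signing certificate already in the internal database.
SIGNING = frozenset({"digitalSignature", "nonRepudiation"})
ENCRYPTION = frozenset({"keyEncipherment"})
ISSUED = [Cert("CN=Alice Example,O=Example Corp", SIGNING)]

def demo() -> dict:
    enc_req = Cert("CN=Alice Example,O=Example Corp", ENCRYPTION)
    sig_req = Cert("CN=Alice Example,O=Example Corp", SIGNING)
    new_req = Cert("CN=Bob Example,O=Example Corp", SIGNING)
    return {
        "enc, name-only": evaluate(enc_req, ISSUED, pre_agent=True, key_usage_check=False),
        "enc, key-usage": evaluate(enc_req, ISSUED, pre_agent=False, key_usage_check=True),
        "sig, key-usage": evaluate(sig_req, ISSUED, pre_agent=False, key_usage_check=True),
        "new subject": evaluate(new_req, ISSUED, pre_agent=True, key_usage_check=False),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

With name-only checking, a second certificate for the same subject is refused even when it is for encryption rather than signing; with Key Usage comparison enabled, only the request that duplicates both subject name and Key Usage is refused.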


This manual is also suitable for:

Certificate management system 6.2
