Netscape MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR Administrator's Manual page 524

Extension-Specific Policy Module Reference
Note that the OCSPSigningExt policy rule must remain enabled if your PKI setup includes a CA-delegated OCSP responder and you want to issue an OCSP responder certificate to that server; the rule adds the extended key usage extension to an OCSP responder certificate, indicating that the associated key can be used for signing OCSP responses.

Table 11-23 ExtendedKeyUsageExt Configuration Parameters

| Parameter | Description |
|---|---|
| enable | Specifies whether the rule is enabled or disabled. Select to enable, deselect to disable. |
| predicate | Specifies the predicate expression for this rule. If you want this rule to be applied to all certificate requests, leave the field blank (default). To form a predicate expression, see "Using Predicates in Policy Rules" on page 483. |
| critical | Specifies whether the extension should be marked critical or noncritical. Select to mark critical (default), deselect to mark noncritical (default). |
| numIds | Specifies the total number of key-usage purposes to be contained or allowed in the extension. Can be set to either 0, specifying that no key-usage purposes can be contained in the extension, or n, specifying the total number of key-usage purposes to be included in the extension; n must be an integer greater than zero. The default value is 10. Note that for any number other than 0 in this field, an id-<n> field will be created for each key-usage purpose, and for each one you must specify a valid OID; otherwise the policy rule will return an error. The configuration parameters for each key-usage purpose are distinguished by <n>, which is an integer derived from the value you assign in this field. For example, if you set the numIds parameter to 2, <n> would be 0 and 1. |
| id<n> | Specifies the OID that identifies a key-usage purpose. Permissible values: A unique, valid OID specified in the dot-separated numeric component notation. Depending on the key-usage purposes, you may choose to use the OIDs designated by PKIX (listed in Table 11-22 on page 523) or define your own OIDs. If you're defining your own OID, it should be in the registered subtree of IDs reserved for your company's use. Although you can invent your own OIDs for the purposes of evaluating and testing this server, in a production environment, you should comply with the ISO rules for defining OIDs and for registering subtrees of IDs. See Appendix H, "Object Identifiers" for information on allocating private OIDs. Example: 2.16.840.1.113730.1.99 |

Netscape Certificate Management System Administrator's Guide • June 2003
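The numIds and id<n> rules from Table 11-23, written as a check you can run over a rule's settings before enabling it. This is an added example, not code from the manual or from the server; it assumes the parameters are available as a plain dict of strings keyed numIds, id0, id1, and so on, and the function names and sample values are made up here.

```python
import re

# Assumption: rule parameters arrive as a dict of strings keyed numIds, id0, id1, ...
# Standard PKIX extended key usage OIDs (RFC 5280, RFC 6960), used only for labelling.
PKIX_EKU = {
    "1.3.6.1.5.5.7.3.1": "serverAuth", "1.3.6.1.5.5.7.3.2": "clientAuth",
    "1.3.6.1.5.5.7.3.3": "codeSigning", "1.3.6.1.5.5.7.3.4": "emailProtection",
    "1.3.6.1.5.5.7.3.8": "timeStamping", "1.3.6.1.5.5.7.3.9": "OCSPSigning",
}
ARC = re.compile(r"0|[1-9][0-9]*")  # one decimal component, no leading zeros

def oid_problem(oid):
    """Return None for a well-formed dotted-decimal OID, else a reason string."""
    arcs = oid.split(".")
    if len(arcs) < 2 or not all(ARC.fullmatch(a) for a in arcs):
        return "components must be decimal numbers without leading zeros"
    if int(arcs[0]) > 2:
        return "first component must be 0, 1 or 2"
    if int(arcs[0]) < 2 and int(arcs[1]) > 39:
        return "second component must be 0-39 under roots 0 and 1"
    return None

def check_eku_rule(params):
    """Check numIds / id<n> against the table's rules; return (purposes, errors)."""
    raw = str(params.get("numIds", "10"))  # the table gives 10 as the default
    if not ARC.fullmatch(raw):
        return [], [f"numIds={raw!r} is not a non-negative integer"]
    count, purposes, errors, seen = int(raw), [], [], set()
    for n in range(count):  # <n> runs from 0 to numIds-1
        key = f"id{n}"
        oid = str(params.get(key, "")).strip()
        reason = oid_problem(oid) if oid else "no OID specified"
        if reason is None and oid in seen:
            reason = "OID repeated; each purpose needs a unique OID"
        if reason:
            errors.append(f"{key}: {reason}")
        else:
            seen.add(oid)
            purposes.append((key, oid, PKIX_EKU.get(oid, "private or other")))
    # Flag id<n> keys whose index falls outside 0..numIds-1 (likely a stale numIds).
    for key in sorted(k for k in params if re.fullmatch(r"id[0-9]+", k)):
        if int(key[2:]) >= count:
            errors.append(f"{key}: index outside 0..numIds-1")
    return purposes, errors

# Constructed sample: id1 has a leading-zero component, id2 is beyond numIds=2.
SAMPLE = {"numIds": "2", "id0": "1.3.6.1.5.5.7.3.9",
          "id1": "2.16.840.01.113730.1.99", "id2": "1.3.6.1.5.5.7.3.1"}
```

Running check_eku_rule(SAMPLE) accepts id0 as the OCSPSigning purpose and reports id1 and id2, the two kinds of mistake that are easy to make when numIds and the id<n> fields are edited separately.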
