Table of Contents
Advertisement
Guidelines
Meaningful only if cert-validation mode is pkix; otherwise, it is not used.
If enabled, the chain validation algorithm must end with a non-empty policy tree.
If disabled, the algorithm may end with an empty policy tree (unless Policy
Constraints extensions in the chain require an explicit policy).
Refer to RFC 2527 Internet X.509 Public Key Infrastructure Certificate Policy and
Certification Practices Framework and to RFC 3280 Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List (CRL) Profile for information
on Certificate Policies.
Examples
v Enters Validation Credentials Mode to create the ValCred-1 Validation
v Restores the default state.
initial-policy-set
Identifies a Certificate Policy used by the current Validation Credentials List.
Syntax
initial-policy-set identifier
no initial-policy-set identifier
Parameters
identifier
Guidelines
Refer to RFC 2527 Internet X.509 Public Key Infrastructure Certificate Policy and
Certification Practices Framework and to RFC 3280 Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List (CRL) Profile for information
on Certificate Policies.
Meaningful only if cert-validation mode is pkix and otherwise unused.
RFC 2527 defines a Certificate Policy is follows:
254
Command Reference
Credentials List. Specifies the chain validation algorithm must end with an
empty tree.
# valcred ValCred-1
Crypto Validation Credentials configuration mode
# explicit-policy
#
Crypto Validation Credentials configuration mode
# no explicit-policy
#
Specifies the unique object identifier for the certificate policy associated
with the current Validation Credentials List.
a named set of rules that indicates the applicability of a certificate to a
particular community and/or class of application with common security
requirements. For example, a particular certificate policy might indicate
Advertisement
Table of Contents
