Index

A

adding extensions

to CRLs   1

to end-entity certificates   1

adding new directory attributes   1

Attribute Present Constraints policy   1

Audit log

configuring   1

logging to Windows NT event log   1

authentication

automated vs. manual   1

built-in modules   1

list of   1

NISAuth   1

PortalEnroll   1, 2

See also PIN Generator tool 1

UidPwdDirAuth   1

UidPwdPinDirAuth   1

configuring for end-user enrollment   1

default forms for users   1

directory- and PIN-based   1

directory-based   1

during certificate renewal   1

during certificate revocation   1

how to write custom plug-ins   1

manual   1

NIS server-based   1

Authority Information Access extension policy   1

Authority Key Identifier extension policy   1

authorityKeyIdentifier   1, 2, 3

automated enrollment   1

B

base DN   1

Basic Constraints extension policy   1

basicConstraints   1, 2

built-in plug-in modules

See plug-in modules 1, 2, 3, 4

bulk enrollment   1

C

CA certificate mapper   1

CA certificate publisher   1

Certificate Manager

enrollment forms for   1

logging to Windows NT event log   1

Certificate Policy extension policy   1

certificate renewal

validity period for   1

Certificate Renewal Window extension policy   1

Certificate Scope of Use extension policy   1

certificate-based enrollment   1

forms for   1

what you need   1

when to use   1

certificateIssuer   1

certificatePolicies   1

certificates

enrollment forms   1

automated   1

manual   1

extensions for   1, 2

challenge password   1

changing

DER encoding order of DirectoryString   1

Chapter Single Template   1, 2

client certificates

for DSA key pairs   1

CMC request enrollment   1

common features in extension policies   1

constraints-specific policies

attribute present constraints   1

DSA key constraints   1

issuer constraints   1

key algorithm constraints   1

renewal constraints   1

renewal validity constraints   1

revocation constraints   1

RSA key constraints   1

signing algorithm constraints   1

subordinate CA name constraints   1

unique subject name constraints   1

validity constraints   1

constraints-specific policy modules   1

conventions used in this book   1

CRL Distribution Point extension policy   1

CRL extension modules

AuthorityKeyIdentifier   1

CRLNumber   1

CRLReason   1

HoldInstruction   1

InvalidityDate   1

IssuerAlternativeName   1

IssuingDistributionPoint   1

list of   1

CRL publisher   1

cRLDistributionPoints   1

CRLNumber   1

CRLs

extensions for   1, 2

extension-specific modules   1

supported versions   1

custom plug-ins

for authentication   1

for logs   1

for mapping directory entries   1

for policy   1

for publishing to a directory   1

D

Data Recovery Manager

logging to Windows NT event log   1

defining custom OIDs   1

deltaCRLIndicator   1

DER-encoding order of DirectoryString   1

directory

removing expired certificates from   1

directory attributes

adding new   1

supported in CMS   1

directory-based authentication   1

user ID and password   1

user ID, password, and PIN   1

distinguished name (DN)

base DN   1

characters allowed in CMS   1

components   1

defined   1

extending attribute support   1

guidelines for choosing DNs   1

role in certificates   1

CA certificates   1

end-entity certificates   1

root DN   1

DN character support in CMS   1

DN components mapper   1, 2

DN pattern mapper   1

documentation

conventions followed   1

where to find   1

DSA client certificates   1

DSA Key Constraints policy   1

DSA key pairs   1

E

encrypted file system (EFS)   1

end-entity certificate publisher   1

end-entity enrollment forms   1

automated   1

manual   1

end-entity forms

for enrollment   1

enrollment

automated   1

in bulk   1

manual   1

enrollment forms

for Certificate Managers   1

for end users   1

for object signing certificates   1

for OCSP responder certificates   1

for Registration Managers   1

for servers   1

generating DSA key pairs   1

Error log

configuring   1

event log

configuring   1

logging audit and system messages   1

expired certificates

removing from the directory   1

Extended Key Usage extension policy   1

OIDs for encrypted file system   1

extending directory-attribute support in CMS   1

extensions   1, 2

   1

adding to end-entity certificates   1

an example   1

authorityKeyIdentifier   1, 2, 3

basicConstraints   1, 2

CA certificates and   1, 2

certificateIssuer   1

certificatePolicies   1

cRLDistributionPoints   1

CRLNumber   1

deltaCRLIndicator   1

extKeyUsage   1

holdInstructionCode   1

introduction to   1

invalidityDate   1

issuerAltName   1, 2

issuingDistributionPoint   1

keyUsage   1

nameConstraints   1

netscape-cert-type   1, 2

netscape-comment   1

Netscape-defined   1, 2

policyConstraints   1

policyMappings   1

privateKeyUsagePeriod   1

reasonCode   1

recommendations for usage   1, 2

structure of   1

subjectAltName   1

subjectDirectoryAttributes   1

subjectKeyIdentifier   1

X.509 certificate, summarized   1, 2

X.509 CRL, summarized   1, 2

extension-specific policies

authority information access   1

authority key identifier   1

basic constraints   1

certificate policy   1

certificate renewal window   1

certificate scope of use   1

common features   1

CRL distribution point   1

extended key usage   1

Generic ASN.1   1

issuer alternative name   1

key usage   1

name constraints   1

Netscape certificate comment   1

Netscape certificate type   1

policy constraints   1, 2

policy mappings   1

private key usage period   1

remove basic constraints   1

subject alternative name   1

subject directory attributes   1

subject key identifier   1

extension-specific policy modules   1

list of   1

extKeyUsage   1

F

file-based logging

configurable parameters   1

plug-in module name   1

file-based publisher   1

fonts used in this book   1

G

Generic ASN.1 extension policy   1

H

holdInstructionCode   1

HTML forms

for end entities

for enrollment   1

I

invalidityDate   1

Issuer Alternative Name extension policy   1

Issuer Constraints policy   1

issuerAltName   1, 2

issuingDistributionPoint   1

J

jobs

built-in modules   1

RenewalNotificationJob   1, 2

RequestInQueueJob   1, 2

UnpublishExpiredJob   1, 2

compared to plug-in implementation   1

specifying schedule for   1

K

Key Algorithm Constraints policy   1

Key Usage extension policy   1

keyUsage   1

L

listing

of CRL extension modules   1

of schedulable jobs   1

locating directory entries for publishing

how to write custom plug-ins   1

location of

CMS documentation   1

logging

built-in modules

file   1, 2

list of   1

NTEventLog   1

how to write custom plug-ins   1

to files   1

M

manual authentication   1

manual enrollment   1

mapper modules

introduction   1, 2

list of   1

mappers

created during installation   1, 2

defined   1, 2

mappers that use

CA certificate   1

DN components   1

DN patterns   1

subject attributes   1

subject names   1

mapping certificates to directory entries   1

message templates for notifications   1

N

Name Constraints extension policy   1

nameConstraints   1

Netscape Certificate Comment extension policy   1

Netscape Certificate Type extension policy   1

netscape-cert-type   1, 2

netscape-comment   1

NIS server-based authentication   1

configurable parameters   1

plug-in module name   1

notifications

customizing   1

templates   1

sending renewal notifications to end entities   1

to agents about pending requests   1

to agents about unpublishing certificates   1

NT Event log

plug-in module name   1

O

object identifiers   1

object signing certificates

for third-party tools   1

how to enroll for   1

OCSP publisher   1

OCSP responder certificates

how to enroll for   1

OIDs   1

overview

authentication modules   1

P

plug-in modules

for authentication

list of   1

NISAuth   1

PortalEnroll   1

UidPwdDirAuth   1

UidPwdPinDirAuth   1

for CRL extensions

AuthorityKeyIdentifier   1

CRLNumber   1

CRLReason   1

HoldInstruction   1

InvalidityDate   1

IssuerAlternativeName   1

IssuingDistributionPoint   1

list of   1

for logging to file   1

for logging to NT Event log   1

for logs

list of   1

for policy   1, 2, 3

AttributePresentConstraints   1

AuthInfoAccessExt   1

AuthorityKeyIdentifierExt   1

BasicConstraintsExt   1

CertificatePoliciesExt   1

CertificateRenewalWindowExt   1

CertificateScopeOfUseExt   1

CRLDistributionPointsExt   1

DSAKeyConstraints   1

ExtendedKeyUsageExt   1

GenericASN1Ext   1

IssuerAltNameExt   1

IssuerConstraints   1

KeyAlgorithmConstraints   1

KeyUsageExt   1

NameConstraintsExt   1

NSCCommentExt   1

NSCertTypeExt   1

OCSPNoCheckExt   1

PolicyConstraintsExt   1

PolicyMappingsExt   1

PrivateKeyUsagePeriodExt   1

RemoveBasicConstraintsExt   1

RenewalConstraints   1

RenewalValidityConstraints   1

RevocationConstraints   1

RSAKeyConstraints   1

SigningAlgorithmConstraints   1

SubCANameConstraints   1

SubjectAltNameExt   1

SubjectDirectoryAttributesExt   1

SubjectKeyIdentifierExt   1

UniqueSubjectNameConstraints   1

ValidityConstraints   1

for publishing   1

FileBasedPublisher   1

LdapCaCertPublisher   1

LdapCaSimpleMap   1

LdapCrlPublisher   1

LdapDNCompsMap   1

LdapDNExactMap   1

LdapSimpleMap   1

LdapSubjAttrMap   1

LdapUserCertPublisher   1

list of   1, 2

OCSPPublisher   1

for scheduling jobs

list of   1

RenewalNotificationJob   1

RequestInQJob   1

UnpublishExpiredJob   1

policy

built-in plug-in modules   1, 2, 3

constraints-specific modules   1

extension-specific modules   1

how to write custom plug-ins   1

Policy Constraints extension policy   1, 2

Policy Mappings extension policy   1

policyConstraints   1

policyMappings   1

portal enrollment   1

configurable parameters   1

plug-in module name   1

PQG parameters   1

Private Key Usage Period extension policy   1

privateKeyUsagePeriod   1

publisher modules

introduction   1

list of   1

publishers

created during installation   1, 2, 3

publishers that can publish to

CA's entry in the directory   1, 2

files   1

OCSP responder   1

users' entries in the directory   1

publishing

how to write custom plug-ins   1

publishing certificates and CRLs to directory entries   1

R

reasonCode   1

registering

custom OIDs   1

Registration Manager

enrollment forms for   1

logging to Windows NT event log   1

Remove Basic Constraints extension policy   1

Renewal Constraints policy   1

Renewal Validity Constraints policy   1

Revocation Constraints policy   1

root DN   1

RSA Key Constraints policy   1

S

server enrollment forms   1

setting CRL extensions   1

Signing Algorithm Constraints policy   1

Subject Alternative Name extension policy   1

subject attribute mapper   1

Subject Directory Attributes extension policy   1

Subject Key Identifier extension policy   1

subjectAltName   1

subjectDirectoryAttributes   1

subjectKeyIdentifier   1

subordinate CA

enrollment forms for   1

Subordinate CA Name Constraints policy   1

Sun ONE   1

support for DN characters in CMS   1

System log

configuring   1

logging to Windows NT event log   1

T

templates

for notifications   1

customizing   1

token list   1

templates

for automated notifications   1

type styles used in this book   1

U

Unique Subject Name Constraints policy   1

user enrollment forms   1

user ID and password based authentication   1

configurable parameters   1

plug-in module name   1

user ID, password, and PIN based authentication   1

configurable parameters   1

module name   1

V

Validity Constraints policy   1

W

Windows NT event log

logging audit and system messages   1

wireless certificates   1