| Index Next |
| iPlanet Certificate Management System Plug-ins Guide |
Contents
About This GuideWhat's in This Guide
What You Should Already Know
Conventions Used in This Guide
Where to Go for Related Information
Chapter 1 Authentication Plug-in ModulesOverview of Authentication Modules
Manual Authentication
UidPwdDirAuth Plug-in Module
Configuration Parameters of UidPwdDirAuth
UidPwdPinDirAuth Plug-in Module
Configuration Parameters of UidPwdPinDirAuth
NISAuth Plug-in Module
Configuration Parameters of NISAuth
PortalEnroll Plug-in Module
Configuration Parameters of PortalAuth
Certificate-Based Enrollment
Enrollment Forms
Customizing Enrollment Forms for Generating DSA Key Pairs
Generating Files Required By Third-Party Object Signing Tools
Chapter 2 Job Plug-in ModulesOverview of Job Plug-in Modules
RenewalNotificationJob Plug-in Module
Configuration Parameters of RenewalNotificationJob
RequestInQJob Plug-in Module
Configuration Parameters of RequestInQJob
UnpublishExpiredJob Plug-in Module
Configuration Parameters of UnpublishExpiredJob
Customizing Notification Messages
Schedule for Executing Jobs
Templates for Summary Notifications
Customizing Message Templates
Tokens Available in Message Templates
Tokens for Renewal Notification Messages
Tokens for Request In Queue Notification Messages
Tokens for Directory Update Notification Messages
Chapter 3 Constraints Policy Plug-in ModulesOverview of Constraints-Specific Policy Modules
AttributePresentConstraints Plug-in Module
Configuration Parameters of AttributePresentConstraints
DSAKeyConstraints Plug-in Module
Configuration Parameters of DSAKeyConstraints
IssuerConstraints Plug-in Module
DSAKeyRule Rule
Configuration Parameters of IssuerConstraints
KeyAlgorithmConstraints Plug-in Module
IssuerRule Rule
Configuration Parameters of KeyAlgorithmConstraints
RenewalConstraints Plug-in Module
KeyAlgRule Rule
Configuration Parameters of RenewalConstraints
RenewalValidityConstraints Plug-in Module
RenewalConstraintsRule Rule
Configuration Parameters of RenewalValidityConstraints
RevocationConstraints Plug-in Module
DefaultRenewalValidityRule Rule
Configuration Parameters of RevocationConstraints
RSAKeyConstraints Plug-in Module
RevocationConstraintsRule Rule
Configuration Parameters of RSAKeyConstraints
SigningAlgorithmConstraints Plug-in Module
RSAKeyRule Rule
Configuration Parameters of SigningAlgorithmConstraints
SubCANameConstraints Plug-in Module
SigningAlgRule Rule
Configuration Parameters of SubCANameConstraints
UniqueSubjectNameConstraints Plug-in Module
SubCANameConstraints Rule
Configuration Parameters of UniqueSubjectNameConstraints
ValidityConstraints Plug-in Module
UniqueSubjectNameConstraints Rule
Configuration Parameters of ValidityConstraints
DefaultValidityRule Rule
Chapter 4 Certificate Extension Plug-in ModulesOverview of Extension-Specific Policy Modules
AuthInfoAccessExt Plug-in Module
Configuration Parameters of AuthInfoAccessExt
AuthorityKeyIdentifierExt Plug-in Module
AuthInfoAccessExt Rule
Configuration Parameters of AuthorityKeyIdentifierExt
BasicConstraintsExt Plug-in Module
AuthorityKeyIdentifierExt Rule
Configuration Parameters of BasicConstraintsExt
CertificatePoliciesExt Plug-in Module
BasicConstraintsExt Rule
Configuration Parameters of CertificatePoliciesExt
CertificateRenewalWindowExt Plug-in Module
CertificatePoliciesExt Rule
Configuration Parameters of CertificateRenewalWindowExt
CertificateScopeOfUseExt Plug-in Module
Configuration Parameters of CertificateScopeOfUseExt
CRLDistributionPointsExt Plug-in Module
Configuration Parameters of CRLDistributionPointsExt
ExtendedKeyUsageExt Plug-in Module
CRLDistributionPointsExt Rule
Configuration Parameters of ExtendedKeyUsageExt
GenericASN1Ext Plug-in Module
CODESigningExt Rule
OCSPSigningExt Rule
Configuration Parameters of GenericASN1Ext
IssuerAltNameExt Plug-in Module
GenericASN1Ext Rule
Configuration Parameters of IssuerAltNameExt
KeyUsageExt Plug-in Module
Configuration Parameters of KeyUsageExt
NameConstraintsExt Plug-in Module
CMCertKeyUsageExt Rule
RMCertKeyUsageExt Rule
ServerCertKeyUsageExt Rule
ClientCertKeyUsageExt Rule
ObjSignCertKeyUsageExt Rule
CRLSignCertKeyUsageExt
Configuration Parameters of NameConstraintsExt
NSCCommentExt Plug-in Module
NameConstraintsExt Rule
Configuration Parameters of NSCCommentExt
NSCertTypeExt Plug-in Module
NSCCommentExt Rule
Configuration Parameters of NSCertTypeExt
OCSPNoCheckExt Plug-in Module
NSCertTypeExt Rule
Configuration Parameters of OCSPNoCheckExt
PolicyConstraintsExt Plug-in Module
OCSPNoCheckExt Rule
Configuration Parameters of PolicyConstraintsExt
PolicyMappingsExt Plug-in Module
PolicyConstraintsExt Rule
Configuration Parameters of PolicyMappingsExt
PrivateKeyUsagePeriodExt Plug-in Module
PolicyMappingsExt Rule
Configuration Parameters of PrivateKeyUsagePeriodExt
RemoveBasicConstraintsExt Plug-in Module
Configuration Parameters of RemoveBasicConstraintsExt
SubjectAltNameExt Plug-in Module
Configuration Parameters of SubjectAltNameExt
SubjectDirectoryAttributesExt Plug-in Module
SubjectAltNameExt Rule
Configuration Parameters of SubjectDirectoryAttributesExt
SubjectKeyIdentifierExt Plug-in Module
Configuration Parameters of SubjectKeyIdentifierExt
SubjectKeyIdentifierExt Rule
Chapter 5 Mapper Plug-in ModulesOverview of Mapper Modules
LdapCaSimpleMap Plug-in Module
Configuration Parameters of LdapCaSimpleMap
LdapDNCompsMap Plug-in Module
LdapCaCertMap Mapper
LdapCrlMap Mapper
Configuration Parameters of LdapDNCompsMap
LdapDNExactMap Plug-in Module
Configuration Parameters of LdapDNExactMap
LdapSimpleMap Plug-in Module
Configuration Parameters of LdapSimpleMap
LdapSubjAttrMap Plug-in Module
LdapUserCertMap Mapper
Configuration Parameters of LdapSubjAttrMap
Chapter 6 Publisher Plug-in ModulesOverview of Publisher Modules
FileBasedPublisher Plug-in Module
Configuration Parameters of FileBasedPublisher
LdapCaCertPublisher Plug-in Module
Configuration Parameters of LdapCaCertPublisher
LdapUserCertPublisher Plug-in Module
LdapCaCertPublisher Publisher
Configuration Parameters of LdapUserCertPublisher
LdapCrlPublisher Plug-in Module
LdapUserCertPublisher Publisher
Configuration Parameters of LdapCrlPublisher
OCSPPublisher Plug-in Module
LdapCrlPublisher Publisher
Configuration Parameters of OCSPPublisher
Chapter 7 CRL Extension Plug-in ModulesOverview of CRL Extension Modules
AuthorityKeyIdentifier Rule
CRLNumber Rule
CRLReason Rule
HoldInstruction Rule
InvalidityDate Rule
IssuerAlternativeName Rule
IssuingDistributionPoint Rule
Chapter 8 Log Plug-in ModulesOverview of Log Modules
file Plug-in Module
Configuration Parameters of file
NTEventLog Plug-in Module
Audit Log Event Listener
Error Log Event Listener
System Log Event Listener
Configuration Parameters of NTEventLog
NTAudit Event Listener
NTSystem Event Listener
Appendix A Distinguished NamesWhat Is a Distinguished Name?
Distinguished Name Components
DNs in Certificate Management System
Root Distinguished Name
Base Distinguished Name
Extending Attribute Support
Adding New or Proprietary Attributes
Role of Distinguished Names in Certificates
Adding Attributes to an Enrollment Form
Changing the DER Encoding Order
DNs in End-Entity Certificates
DNs in CA Certificates
Selecting DNs for Certificates
DN Patterns and Certificate Subject Names
Appendix B Object IdentifiersWhat's an Object Identifier?
Registration of Object Identifiers
Appendix C Certificate and CRL ExtensionsIntroduction to Certificate Extensions
Index
Structure of Certificate Extensions
Recommendations for Certificate Extension Use
Sample Certificate Extensions
Standard X.509 v3 Certificate Extensions
Introduction to CRL Extensions
authorityInfoAccess
authorityKeyIdentifier
basicConstraints
certificatePolicies
cRLDistributionPoints
extKeyUsage
issuerAltName
keyUsage
nameConstraints
OCSPNocheck
policyConstraints
policyMappings
privateKeyUsagePeriod
subjectAltName
subjectDirectoryAttributes
subjectKeyIdentifier
Structure of CRL Extensions
Standard X.509 v3 CRL Extensions
Sample CRL and CRL Entry Extensions
Extensions for CRLs
Netscape-Defined Certificate Extensions
authorityKeyIdentifier
CRL Entry Extensions
CRLNumber
deltaCRLIndicator
issuerAltName
issuingDistributionPoint
certificateIssuer
holdInstructionCode
invalidityDate
reasonCode
CA Certificates and Extension Interactions
netscape-cert-type
netscape-comment
Index Next
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.
Last Updated April 02, 2001