RSAKeyConstraints Plug-in Module110 Netscape Certificate Management System Plug-ins Guide • October 2001For details on individual parameters defined in the rule, see Table 3-8 on page 109.You need to review this rule and make the changes appropriate for your PKI setup.For instructions, see section “Step 2. Modify Existing Policy Rules” in Chapter 18,“Setting Up Policies” of CMS Installation and Setup Guide. For instructions onadding additional instances, see section “Step 4. Add New Policy Rules” in thesame chapter.RSAKeyConstraints Plug-in ModuleThe RSAKeyConstraints plug-in module implements the RSA key constraintspolicy. This policy imposes constraints on the following:• The minimum and maximum sizes for keys• The exponent sizesThe policy restricts the key size to one of the sizes supported by CertificateManagement System—512, 1024, 2048, or 4096. In other words, the policy allowsyou to set up restrictions on the lengths of public keys certified by CertificateManagement System.You may apply this policy to end-entity certificate enrollment and renewalrequests. For example, if you want your CA to certify public keys up to 1024 bits inlength for end users, you can configure the server accordingly using the policy.During installation, Certificate Management System automatically creates aninstance of the RSA key constraints policy. See “RSAKeyRule Rule” on page 112.Configuration Parameters ofRSAKeyConstraintsIn the CMS configuration file, the RSAKeyConstraints module is identified as.Policy.impl.RSAKeyConstraints.class=com.netscape.certsrv.policy.RSAKeyConstraints, where is caor ra (prefix identifying the subsystem).In the CMS window, the module is identified as RSAKeyConstraints. Figure 3-9shows how the configurable parameters for the module are displayed in the CMSwindow.