IssuerAltNameExt Plug-in Module182 Netscape Certificate Management System Plug-ins Guide • October 2001GenericASN1Ext RuleThe rule named GenericASN1Ext is an instance of the GenericASN1Ext module.Certificate Management System automatically creates this rule during installation.By default, the rule is configured as follows:• The rule is disabled; for the rule to be effective, it must be enabled andconfigured appropriately.• The predicate field is left blank so that the extension gets added to allcertificates the server issues.• The extension is marked noncritical (to comply with the PKIXrecommendation).• Other fields are left blank for you to enter the appropriate information.For details on individual parameters defined in the rule, see Table 4-11 onpage 178. You need to review this rule and make the changes appropriate for yourPKI setup. For instructions, see section “Step 2. Modify Existing Policy Rules” inChapter 18, “Setting Up Policies” of CMS Installation and Setup Guide. Forinstructions on adding additional instances, see section “Step 4. Add New PolicyRules” in the same chapter.IssuerAltNameExt Plug-in ModuleThe IssuerAltNameExt plug-in module implements the issuer alternative nameextension policy. This policy enables you to configure Certificate ManagementSystem to add the Issuer Alternative Name Extension defined in X.509 and PKIXstandard RFC 2459 (see http://www.ietf.org/rfc/rfc2459.txt) to certificates.This extension enables binding of or associating Internet style identities—such asInternet electronic mail address, a DNS name, an IP address, and a uniformresource indicator (URI)— with the certificate issuer.For general guidelines on setting the issuer alternative name extension, see“issuerAltName” on page 348.The issuer alternative name extension policy in Certificate Management Systemallows setting of the issuer alternative name extension as defined in its X.509definition. The policy enables you to associate the following alternative identitiesto a CA, by including them in the extension:• An rfc822 name• A directory name