UniqueSubjectNameConstraints Plug-in ModuleChapter 3 Constraints Policy Plug-in Modules 117UniqueSubjectNameConstraints Plug-in ModuleThe UniqueSubjectNameConstraints plug-in module implements the uniquesubject name constraints policy. This policy restricts the server from issuingmultiple certificates with same subject names. Optionally, you can also configurethe server to allow multiple certificates with the same subject name if the keyusages are different. Note that key usages for certificates are usually specified bythe key usage extension and Certificate Management System allows you to add thisextension to certificates using the key usage extension policy explained in“KeyUsageExt Plug-in Module” on page 186.You may apply the unique subject name constraints policy to end-entity certificateenrollment and renewal requests. For example, if you want to prevent your usersfrom requesting multiple certificates with same subject names, you can configurethe server accordingly using the policy. Alternatively, if you want to allow yourusers to own multiple certificates, each for a different use, all having the samesubject name, you can do so easily using the enableKeyUsageExtensionCheckingparameter defined in this policy. This parameter makes the server check whetherthe key usages specified in the certificate request being processed is different thanthose specified in the existing certificates that have the same subject names andaccordingly issue or deny the certificate. Keep in mind that the server can check forkey usages only if the key usage extension bits are set in the certificate requestbeing processed as well as in the existing certificates that have the same subjectnames.During installation, Certificate Management System automatically creates aninstance of the unique subject name constraints policy. See“UniqueSubjectNameConstraints Rule” on page 120.Configuration Parameters ofUniqueSubjectNameConstraintsIn the CMS configuration file, the UniqueSubjectNameConstraints module isidentified as ca.Policy.impl.UniqueSubjectNameConstraints.class=com.netscape.cms.policy.UniqueSubjectNameConstraints.In the CMS window, the module is identified as UniqueSubjectNameConstraints.Figure 3-12 shows how configurable parameters for the module are displayed inthe CMS window.