SubjectAltNameExt Plug-in Module232 Netscape Certificate Management System Plug-Ins Guide • March 2002SubjectAltNameExt Plug-in ModuleThe SubjectAltNameExt plug-in module implements the subject alternative namepolicy. This policy enables you to configure Certificate Management System to addthe Subject Alternative Name Extension defined in X.509 and PKIX standard RFC2459 (see http://www.ietf.org/rfc/rfc2459.txt) to certificates. The extensionenables you to bind additional identities—such as Internet electronic mail address,a DNS name, an IP address, and a uniform resource indicator (URI)—to the subjectof the certificate.The standard suggests that if the certificate subject field contains an emptysequence, then the subject alternative name extension must contain the subject’salternative name and that the extension be marked critical. For general guidelineson setting the subject alternate name extension in certificates, see“subjectAltName” on page 354.The subject alternative name extension policy in Certificate Management Systemenables you to include values of certificate-request attributes in the extension. Youcan include any number of attributes as long as the attribute values conform to anyof the supported general-name forms: rfc822Name, X.500 directory name, DNSname, EDI party name, URL, IP address, object identifier, and Other name.Table 4-25 Description of parameters defined in the RemoveBasicConstraintsExt moduleParameter Descriptionenable Specifies whether the rule is enabled or disabled. Check the box to enable therule (default). Uncheck the box to disable the rule.• If you enable the rule and set the remaining parameters correctly, the serverchecks certificate requests for Basic Constraints extension and removes it.• If you disable the rule, the server does not check the requests for BasicConstraints extension; it ignores the values in the remaining fields.predicate Specifies the predicate expression for this rule. If you want this rule to be appliedto all certificate requests, leave the field blank (default). To form a predicateexpression, see section “Using Predicates in Policy Rules” in Chapter 18, “SettingUp Policies” of CMS Installation and Setup Guide.Example: HTTP_PARAMS.certType==client