Configuring Policy Rules for a Subsystem570 Netscape Certificate Management System Installation and Setup Guide • March 2002• Step 6. Restart the Server• Step 7. Test Policy ConfigurationFor information on adding or changing policy-specific information in theconfiguration file, see “Changing the Configuration by Editing the ConfigurationFile” on page 338.Step 1. Before You BeginBefore configuring a Certificate Manager’s or Registration Manager’s policy, besure to do this:• Refer to the X.509 standard and PKIX standard RFC 2459 (seehttp://www.ietf.org/rfc/rfc2459.txt) to get familiar with certificatecontent, including extensions.• Read Chapter 3, “Constraints Policy Plug-in Modules” and Chapter 4,“Certificate Extension Plug-in Modules” of CMS Plug-Ins Guide. Determine therules that you want to use to govern the generation and formulation ofcertificates in your PKI setup. To locate an online version of this book, see“Where to Go for Related Information” on page 28.This planning will help you configure a Certificate Manager and RegistrationManager with the appropriate policy rules so that your end entities get the rightkind of certificate.Step 2. Modify Existing Policy RulesYou can modify a policy rule by editing its configuration parameter values; youcannot edit the name of a rule. To change the name of a rule, you need to create anew rule exactly like the rule you want to rename, except with a new name, anddelete the old rule.As a part of editing a rule, you can change its status from enabled to disabled orvice versa by checking or unchecking the enable parameter. A subsystem subjectscertificate requests only to those rules that are enabled.During installation, the Certificate Manager and Registration Managerautomatically create a set of policy rules (that you would most likely want to use)using the policy modules registered by default. Figure 18-1 shows the policy rulescreated for a Certificate Manager. The Registration Manager also has a similar list.Table 18-3 summarizes the default rules created for both Certificate Manager andRegistration Manager.