Configuring a Registration ManagerChapter 4 Registration Manager 159enrollment request is processed, it is evaluated against all policies that areapplicable to this type of request. Any policy that has no predicate is evaluatedagainst all certificate requests. Those with predicates are evaluated againstcertificates requests that match the predicate value of the policy. The predicatevalue can be a certificate type, like a CA certificate or an SSL signing certificate, inwhich case, all requests for that type of certificate are evaluated by the policy. Thepredicate value can be some other evaluator that can be matched in the request.You can use hidden values in the request form to match predicate values.When using the policy feature for enrollment, you must take care to associate aform with all of the policies you want to be evaluated for this certificate request.Some of the policies can be configured to collect other information about an endentity from an LDAP directory and place that information in the certificate. Adefault set of policies is created. Some of these are enabled and some are disabled.You need to configure the policy feature by configuring the existing policies,deleting unwanted policies, and creating needed policies that are not created bydefault.For detailed information, see Chapter 11, “Policies.”If you set up and enable policies in the Registration Manager, you must be carefulhow you set up policies in the Certificate Manager that issues certificates for thisRegistration Manager. Requests sent by the Registration Manager will be evaluatedby the policies set up in the Certificate Manager.Configuring Certificate ProfilesThe certificate profile feature uses instances of certificate profile plug-ins that canbe configured to issue a type of certificate. The certificate profile contains defaultsthat specify the contents and the value of that content for this type of certificate,constraints that constrain the content of this type of certificate, associate thecertificate profile with a set up authentication method, and define the contents ofthe enrollment page and the output page when an automated authenticationmethod is used.The default instances of certificate profiles are for particular types of certificatesincluding a CA certificate, SSL server certificate, end-entity certificate, and so on.Each certificate profile is associated with the certificate profile form in the endentity interface that lists all of the available certificate profiles. The end entitychooses the certificate profile when submitting the request. You can customize thisform. Any enabled certificate profiles will appear as links on this form. Those linkstake the user to a dynamically created HTML page that is generated based on theinputs set in the certificate profile.
