Constraints-Specific Policy Module Reference502 Netscape Certificate Management System Administrator’s Guide • February 2003The renewal validity constraints policy enables you to enforce certain restrictionson certificate-renewal requests, when end entities attempt to renew theircertificates.During installation, CMS automatically creates an instance of the renewal validityconstraints policy, named DefaultRenewalValidityRule, that is enabled bydefault.Table 11-8 describes the configuration parameters of theRenewalValidityConstraints policy.RevocationConstraintsThe RevocationConstraints plug-in module imposes constraints on revocationof expired certificates—it allows or restricts the server from revoking expiredcertificates. You may apply this policy to end-entity certificate revocation requests.During installation, CMS automatically creates an instance of the revocationconstraints policy, named RevocationConstraintsRule, that is enabled bydefault.Table 11-9 describes the configuration parameters of the RevocationConstraintspolicy.Table 11-8 RenewalValidityConstraints Configuration ParametersParameter Descriptionenable Specifies whether the rule is enabled or disabled. Select to enable (default), deselectto disable.predicate Specifies the predicate expression for this rule. If you want this rule to be applied toall certificate requests, leave the field blank (default). To form a predicateexpression, see “Using Predicates in Policy Rules” on page 485.minValidity Specifies the minimum validity period, in days, for renewed certificates.maxValidity Specifies the maximum validity period, in days, for renewed certificates.renewalInterval Specifies how many days before its expiration that a certificate can be renewed.Table 11-9 RevocationConstraints Configuration ParametersParameter Descriptionenable Specifies whether the rule is enabled or disabled. Select to enable (default),deselect to disable.
