Configuring Policy Rules for a Subsystem
Chapter
18
Setting Up Policies
569
Note that the policy processor applies only the enabled policy rules, in the order in
which they are configured, before determining the final outcome. Each rule the
processor executes returns a
PolicyResult
object. Three return values are
possible:
•
PolicyResult.REJECTED
(indicates that the request failed the rule)
•
PolicyResult.DEFERRED
(indicates that the request requires agent approval)
•
PolicyResult.ACCEPTED
(indicates that the request passed the rule)
After all the policy rules are applied, the processor determines the status of the
request (in this order):
1.
If the request failed any policy rule (that is, if any of the policy rules returned a
PolicyResult.REJECTED
value), the processor rejects the request. The rule
that rejected the request sets appropriate error messages on the request.
2.
If at least one of the policy rules requires agent approval for the request (that is,
if any of the policy rules returned a
PolicyResult.DEFERRED
value), the
processor stores the request in the request queue for agent approval.
3.
If the request passes all the policy rules (that is, all policy rules returned a
PolicyResult.ACCEPTED
value), the request gets serviced—for example the
certificate is issued or renewed.
Configuring Policy Rules for a Subsystem
You can configure the main subsystems of Certificate Management System
(CMS)—the Certificate Manager, Registration Manager, and Data Recovery
Manager—to apply certain organizational policies on end entities’ certificate
enrollment, renewal, and revocation requests before servicing them. This section
explains how to configure a subsystem to evaluate end-entity requests based on a
set of policy rules.
The steps are as follows:
•
Step 1. Before You Begin
•
Step 2. Modify Existing Policy Rules
•
Step 3. Delete Unwanted Policy Rules
•
Step 4. Add New Policy Rules
•
Step 5. Reorder Policy Rules
Summary of Contents for NETSCAPE MANAGEMENT SYSTEM 6.0
Page 1: ...Installation and Setup Guide Netscape Certificate Management System Version6 0 March 2002...
Page 22: ...22 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 32: ...32 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 160: ...160 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 776: ...776 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 807: ...807 Part 5 Appendix Appendix A Certificate Download Specification...
Page 808: ...808 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 830: ...830 Netscape Certificate Management System Installation and Setup Guide March 2002...