Policy Chains

On the Edit Policy Chains page the CA's policy can be viewed and modified. The policy is divided into separate policy chains. Each chain has a separate function and is applied in certain situations. Remember that these chains are always CA specific: every request operation is executed under the policy of one specific CA.

The basic idea is that the chain either accepts the operation or denies it, but it can also change the request contents along the way.

  • receive-request

    The Receive Request chain is applied when the request first comes into the system and is assigned to a CA. This chain is also applied when the request is reassigned to another CA. Typical functions of this chain are to check if the request is mapped to some entity, to decide if the request should be automatically issued, or to perform some basic checks or changes on the structure of the certification request.

  • accept-request

    The Accept Request chain is run when the request is accepted, before the certificate is actually created. Typically the system makes some sanity checks, such as rejecting all requests with the CA flag set or with a non-matching subject name. Validity times and CRL distribution points can also be defined in this chain.

  • view-request

    The View Request chain is run every time the request is viewed by the operator. Usually this just sets a new validity period.

  • update-request

    The Update Request chain is run before the request template is updated in the database. The chain can perform sanity checks on names in the certification request or strip unwanted extensions away.
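
The accept, deny and modify behaviour described above, modelled in Python as an added example; it is not the product's policy module syntax or code. The `Request` fields, the module names, the in-order evaluation that stops at the first denial, and `EXAMPLE_CA_POLICY` are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from datetime import timedelta
from typing import Optional, Tuple

@dataclass(frozen=True)
class Request:
    """Constructed stand-in for a certification request (not the product's data model)."""
    subject: str
    entity_subject: Optional[str] = None  # subject of the entity the request is mapped to
    ca_flag: bool = False
    validity: Optional[timedelta] = None
    extensions: Tuple[str, ...] = ()

class Deny(Exception):
    """Raised by a module to deny the operation."""

def reject_ca_flag(req):
    if req.ca_flag:
        raise Deny("CA flag set")
    return req

def require_matching_subject(req):
    if req.entity_subject is None or req.subject != req.entity_subject:
        raise Deny("subject name does not match mapped entity")
    return req

def set_validity(days):
    def module(req):
        return replace(req, validity=timedelta(days=days))  # modifies, never denies
    return module

def strip_extensions(unwanted):
    def module(req):
        kept = tuple(e for e in req.extensions if e not in unwanted)
        return replace(req, extensions=kept)
    return module

# Hypothetical policy for one CA; the chain names are the ones listed above.
EXAMPLE_CA_POLICY = {
    "accept-request": [reject_ca_flag, require_matching_subject, set_validity(365)],
    "update-request": [strip_extensions({"nameConstraints"})],
}

def run_chain(policy, chain, req):
    """Run the chain's modules in order; return (accepted, request, reason)."""
    for module in policy[chain]:
        try:
            req = module(req)
        except Deny as why:
            return False, req, str(why)
    return True, req, None
```

Because the chain returns the possibly modified request together with the decision, a caller can log exactly what the policy changed before a certificate is created.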

Figure: Default manual policy

Policy Modules

Importing and Exporting Policy Chains
