|[Front page] [Index]|
On the Edit Policy Chains page the CA's policy can be viewed and modified. The policy is divided into separate policy chains. Each chain has a separate function and is applied in certain situations. Remember that these chains are always CA specific. All request operations are always executed enforcing some specific CA's policy.
The basic idea is that the chain either accepts the operation or denies it, but it can also change the request contents in the way.
The Receive Request chain is applied when the request first comes into the system and is assigned to a CA. This chain is also applied when the request is reassigned to another CA. Typical functions of this chain are to check if the request is mapped to some entity, to decide if the request should be automatically issued, or to perform some basic checks or changes on the structure of the certification request.
The Accept Request chain is run when the request is accepted, before the certificate is actually created. Typically the system makes some sanity checks, such as rejecting all requests with the CA flag set or with a non-matching subject name. Also validity times and CRL distribution points can be defined in this chain.
[Front page] [Index]