Policy Chains

On the Edit Policy Chains page the CA's policy can be viewed and modified. The policy is divided into separate policy chains. Each chain has a separate function and is applied in certain situations. Remember that these chains are always CA-specific: every request operation is executed under the policy of one specific CA.

The basic idea is that the chain either accepts the operation or denies it, but it can also change the request contents along the way.

  • receive-request

    The Receive Request chain is applied when the request first comes into the system and is assigned to a CA. This chain is also applied when the request is reassigned to another CA. Typical functions of this chain are to check if the request is mapped to some entity, to decide if the request should be automatically issued, or to perform some basic checks or changes on the structure of the certification request.

  • accept-request

    The Accept Request chain is run when the request is accepted, before the certificate is actually created. Typically the system makes some sanity checks, such as rejecting all requests with the CA flag set or with a non-matching subject name. Validity times and CRL distribution points can also be defined in this chain.

  • view-request

    The View Request chain is run every time the request is viewed by the operator. Usually this just sets a new validity period.

  • update-request

    The Update Request chain is run before the request template is updated in the database. The chain can perform sanity checks on names in the certification request or strip unwanted extensions away.

Figure: Default manual policy
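A minimal model of the accept-or-deny behaviour described above, as an added example that is not the product's own code or configuration syntax. The `Request` class, the module functions and `run_chain` are hypothetical; only the chain names come from this page, and returning a denied request unchanged is an assumption of the model.

```python
from dataclasses import dataclass, replace
from datetime import timedelta
from typing import Optional

@dataclass(frozen=True)
class Request:                         # hypothetical, simplified certification request
    subject: str
    entity_subject: Optional[str]      # subject name of the mapped entity, if any
    ca_flag: bool = False              # request asks for a CA certificate
    extensions: tuple = ()
    validity: Optional[timedelta] = None

class Deny(Exception):
    """Raised by a module to deny the operation."""

# Each module returns the request (possibly changed) or raises Deny.
def reject_ca_flag(req):
    if req.ca_flag:
        raise Deny("CA flag set")
    return req

def require_matching_subject(req):
    if req.entity_subject is None or req.subject != req.entity_subject:
        raise Deny("subject name does not match entity")
    return req

def set_validity(days):
    return lambda req: replace(req, validity=timedelta(days=days))

def strip_extensions(unwanted):
    return lambda req: replace(
        req, extensions=tuple(e for e in req.extensions if e not in unwanted))

CHAINS = {  # constructed policy for one CA; chain names are the page's
    "update-request": [strip_extensions({"unwanted-ext"})],
    "accept-request": [reject_ca_flag, require_matching_subject, set_validity(365)],
}

def run_chain(name, req):
    """Return (accepted, request, reason); a denied request comes back unchanged."""
    current = req
    try:
        for module in CHAINS[name]:    # modules run in order; first Deny stops the chain
            current = module(current)
    except Deny as why:
        return False, req, str(why)
    return True, current, None

if __name__ == "__main__":
    sample = Request("CN=host1", "CN=host1", extensions=("keyUsage", "unwanted-ext"))  # constructed
    for r in (sample, replace(sample, ca_flag=True)):
        print(run_chain("accept-request", r))
```

Because the checks run before `set_validity`, a request that fails a sanity check never receives a validity period.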

Policy Modules

Importing and Exporting Policy Chains
