Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.

PreviousNextUp[Front page] [Index]

Policy Chains

On the Edit Policy Chains page the CA's policy can be viewed and modified. The policy is divided into separate policy chains. Each chain has a separate function and is applied in certain situations. Remember that these chains are always CA specific. All request operations are always executed enforcing some specific CA's policy.

The basic idea is that the chain either accepts the operation or denies it, but it can also change the request contents in the way.

  • receive-request

    The Receive Request chain is applied when the request first comes into the system and is assigned to a CA. This chain is also applied when the request is reassigned to another CA. Typical functions of this chain are to check if the request is mapped to some entity, to decide if the request should be automatically issued, or to perform some basic checks or changes on the structure of the certification request.

  • accept-request

    The Accept Request chain is run when the request is accepted, before the certificate is actually created. Typically the system makes some sanity checks, such as rejecting all requests with the CA flag set or with a non-matching subject name. Also validity times and CRL distribution points can be defined in this chain.

  • view-request

    The View Request chain is run every time the request is viewed by the operator. Usually this just sets a new validity period.

  • update-request

    The Update Request chain is run before the request template is updated into the Database. The chain can perform sanity checks on names in certification request or strip unwanted extensions away.


policy-sample1-25.gif
Figure : Default manual policy

Policy Modules

Importing and Exporting Policy Chains


PreviousNextUp[Front page] [Index]

===AUTO_SCHEMA_MARKUP===