Perform the following steps to create your own CertificatePolicies
extension on an individual template basis:
- Edit the pkiserv.conf configuration file and
find the CertPolicy section.
_______________________________________________________________
- Change the value of PolicyRequired to F (False)
as in the following line:
PolicyRequired=F
_______________________________________________________________
- Follow steps 4 through 7 in Steps for creating the CertificatePolicies extension on a global basis to
create the individual policies you need.
_______________________________________________________________
- Update the certificate template to specify the CertificatePolicies
extensions that are to be created for it.
- If you are implementing the Web application using REXX CGI
execs: Edit pkiserv.tmpl and customize the CONSTANT
subsection under the certificate template for which you need CertificatePolicies
extensions.
For example, if you have specified values for PolicyName1,
PolicyName3, and PolicyName6 in
pkiserv.conf, then
you can specify the certificate policies in
pkiserv.tmpl in
the following ways:
%%CertPolicies=3%%
or
%%CertPolicies=3 6%%
or
%%CertPolicies=1 3 6%%
If you want to make the CertPolicies
extension critical, specify the following in the CONSTANT section:
%%Critical=CertPolicies%%
- If you are implementing the Web application using Java™ server pages (JSPs): Edit pkitmpl.xml and
customize the section for the certificate template for which you need
CertificatePolicies extensions.
For example, if you have specified
values for PolicyName1, PolicyName3, and Place-name in
pkiserv.conf,
then you can specify the certificate policies in
pkitmpl.xml in
the following ways:
<tns:CertPolicies>3</tns:CertPolicies>
or
<tns:CertPolicies>3 6</tns:CertPolicies>
or
<tns:CertPolicies>1 3 6</tns:CertPolicies>
If
you want to make the CertPolicies extension critical, specify the
following
tag in the certificate template section:
<tns:Critical>CertPolicies</tns:Critical>
Rule: The policy numbers in the template file must
exist in the pkiserv.conf file. For each
template, you can choose a different subset of these numbers.
_______________________________________________________________
- If you made any changes to the PKI Services configuration,
stop and restart PKI Services to
activate the changes.
_______________________________________________________________