Certificate name filtering (CNF) support allows certificates to be associated with users without having to add each certificate to the CA Top Secret security file. This decreases the amount of storage and the administration needed to support a large number of certificates.
Certificate name filtering allows profiles based on the certificate subject/issuer distinguished name to be used to select the ACID to assign for a particular certificate. Many certificates can be associated with a single ACID. This support provides more granular access control and accountability.
When a certificate name filter is defined, the information is stored in a CERTMAP record in the SDT on the security file. The filter definition specifies the significant portion of the issuer's or subject's distinguished name that is used to associate an ACID with a certificate.
Additional criteria can be specified to identify the ACID to be used. CA Top Secret supports two system variables (system id and application id) that can be used to select the ACID. Sites can also define their own variables to be used as selection criteria. Criteria data is stored in a CRITMAP record in the SDT. CERTMAP and CRITMAP records are created with the TSS ADD command.
Copyright © 2014 CA Technologies.
All rights reserved.