1 | # $Id: b93d6240.signing_policy,v 1.1 2009/01/10 01:15:56 pmacvsmh Exp $ |
---|
2 | # Based-on-Id: 1c3f2ca8.signing_policy,v 1.2 2003/05/27 16:29:35 helm Exp $ |
---|
3 | |
---|
4 | # ca-signing-policy.conf, see ca-signing-policy.doc for more information |
---|
5 | # |
---|
6 | # This is the configuration file describing the policy for what CAs are |
---|
7 | # allowed to sign whoses certificates. |
---|
8 | # |
---|
9 | # This file is parsed from start to finish with a given CA and subject |
---|
10 | # name. |
---|
11 | # subject names may include the following wildcard characters: |
---|
12 | # * Matches any number of characters. |
---|
13 | # ? Matches any single character. |
---|
14 | # |
---|
15 | # CA names must be specified (no wildcards). Names containing whitespaces |
---|
16 | # must be included in single quotes, e.g. 'Certification Authority'. |
---|
17 | # Names must not contain new line symbols. |
---|
18 | # The value of condition attribute is represented as a set of regular |
---|
19 | # expressions. Each regular expression must be included in double quotes. |
---|
20 | # |
---|
21 | # This policy file dictates the following policy: |
---|
22 | # |
---|
23 | # The NERSC Online SLCS CA signs certificates in the NERSC domain |
---|
24 | # |
---|
25 | # Format: |
---|
26 | #------------------------------------------------------------------------ |
---|
27 | # token type | def.authority | value |
---|
28 | #--------------|---------------|----------------------------------------- |
---|
29 | # EACL entry #1| |
---|
30 | |
---|
31 | access_id_CA X509 '/DC=net/DC=ES/OU=Certificate Authorities/CN=NERSC Online CA' |
---|
32 | |
---|
33 | pos_rights globus CA:sign |
---|
34 | |
---|
35 | cond_subjects globus '"/DC=gov/DC=nersc/*"' |
---|
36 | |
---|
37 | |
---|
38 | # |
---|
39 | # End NERSC Online CA Policy |
---|