blob: 6b5555445cc5b0990ebe17e670ba63d97a8a5d40 [file] [log] [blame]
# $Id: b93d6240.signing_policy,v 1.1 2009/01/10 01:15:56 pmacvsmh Exp $
# Based-on-Id: 1c3f2ca8.signing_policy,v 1.2 2003/05/27 16:29:35 helm Exp $
# ca-signing-policy.conf, see ca-signing-policy.doc for more information
#
# This is the configuration file describing the policy for what CAs are
# allowed to sign whoses certificates.
#
# This file is parsed from start to finish with a given CA and subject
# name.
# subject names may include the following wildcard characters:
# * Matches any number of characters.
# ? Matches any single character.
#
# CA names must be specified (no wildcards). Names containing whitespaces
# must be included in single quotes, e.g. 'Certification Authority'.
# Names must not contain new line symbols.
# The value of condition attribute is represented as a set of regular
# expressions. Each regular expression must be included in double quotes.
#
# This policy file dictates the following policy:
#
# The NERSC Online SLCS CA signs certificates in the NERSC domain
#
# Format:
#------------------------------------------------------------------------
# token type | def.authority | value
#--------------|---------------|-----------------------------------------
# EACL entry #1|
access_id_CA X509 '/DC=net/DC=ES/OU=Certificate Authorities/CN=NERSC Online CA'
pos_rights globus CA:sign
cond_subjects globus '"/DC=gov/DC=nersc/*"'
#
# End NERSC Online CA Policy