| # $Id: b93d6240.signing_policy,v 1.1 2009/01/10 01:15:56 pmacvsmh Exp $ |
| # Based-on-Id: 1c3f2ca8.signing_policy,v 1.2 2003/05/27 16:29:35 helm Exp $ |
| |
| # ca-signing-policy.conf, see ca-signing-policy.doc for more information |
| # |
| # This is the configuration file describing the policy for what CAs are |
| # allowed to sign whoses certificates. |
| # |
| # This file is parsed from start to finish with a given CA and subject |
| # name. |
| # subject names may include the following wildcard characters: |
| # * Matches any number of characters. |
| # ? Matches any single character. |
| # |
| # CA names must be specified (no wildcards). Names containing whitespaces |
| # must be included in single quotes, e.g. 'Certification Authority'. |
| # Names must not contain new line symbols. |
| # The value of condition attribute is represented as a set of regular |
| # expressions. Each regular expression must be included in double quotes. |
| # |
| # This policy file dictates the following policy: |
| # |
| # The NERSC Online SLCS CA signs certificates in the NERSC domain |
| # |
| # Format: |
| #------------------------------------------------------------------------ |
| # token type | def.authority | value |
| #--------------|---------------|----------------------------------------- |
| # EACL entry #1| |
| |
| access_id_CA X509 '/DC=net/DC=ES/OU=Certificate Authorities/CN=NERSC Online CA' |
| |
| pos_rights globus CA:sign |
| |
| cond_subjects globus '"/DC=gov/DC=nersc/*"' |
| |
| |
| # |
| # End NERSC Online CA Policy |