
Path Validation Settings

Path Validation Settings determine how the certificate chain (prepared via Path Discovery) will be validated.

Each element of the form is described below:

 Item
Description
Use basic path validation
This approach is not PKIX compliant: policy extensions in the certificates are not checked during validation. However, it is much faster than advanced path validation.
Only these checks are performed in basic validation mode:
  • Certificate Validation
  • Signature Verification
  • Revocation Status
  • Key Usages and Extended Key Usages
Use advanced path validation
Select this option to perform PKIX compliant path validation. It strictly follows the PKIX algorithm and thus certificates that are not PKIX compliant cannot be validated. 
The following checks are performed in the advanced validation mode in addition to the basic path validation:
  • initial-policy-set
  • initial-explicit-policy
  • initial-policy-mapping-inhibit
  • initial-inhibit-any-policy
Inhibit Policy Mapping
The Inhibit Policy Mapping option controls whether policy mapping is allowed during certification path validation. The inhibitPolicyMapping item inhibits certificate policy mapping during certification path validation.
Require Explicit Policy
The requireExplicitPolicy item specifies an input to the certification path validation algorithm, and it controls whether there must be at least one valid policy in the certificate policies extension.
Inhibit anyPolicy
The requireExplicitPolicy item specifies an input to the certification path validation algorithm, and it controls whether there must be at least one valid policy in the certificate policies extension.
Acceptable certificate policy OIDs
The userPolicySet item specifies a list of certificate policy identifiers that the SCVP server MUST use when constructing and validating a certification path. The userPolicySet item specifies the user-initial-policy-set. A userPolicySet containing the anyPolicy OID indicates a user-initial-policy-set of any-policy.
Permitted Subject Names
The PKIX validation algorithm allows the client to set one or more subject names that MUST appear in the certificate chain. If the configured subjects are matched in the certificate chain, this check passes; otherwise an error is returned to the user. If multiple DNs are configured, an OR operator is used for validation.
Excluded Subject Names
The PKIX validation algorithm allows the client to set one or more subject names that MUST NOT appear in the certificate chain. If the Permitted Subject Names checkbox is checked, this check is applied to the Permitted certificates; otherwise any certificate that meets this criterion will be rejected.
Key Usages
The Key Usages item indicates the technical usage of the public key that is to be confirmed by the server as acceptable. Key Usages combined with the OR operator are shown on separate lines in the Selected Key Usages list, while Key Usages combined with the AND operator are shown comma-separated on a single line.
Extended Key Usages
The Extended Key Usages item indicates the application-specific usage of the public key that is to be confirmed by the server as acceptable.
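
The AND/OR reading of the Selected Key Usages list and the Permitted/Excluded Subject Names checks can be modelled as follows. This is an added illustration, not ADSS code; the function names, the string-based DN comparison and the sample values are assumptions made for the example.

```python
# Added illustration of the semantics described in the table; not ADSS code.
# Assumption: DNs are compared as case-insensitive strings, split naively on
# commas (escaped commas inside RDN values are not handled).

def norm_dn(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))

def key_usage_ok(cert_usages, selected_lines):
    """Each entry in selected_lines is one displayed line: usages separated by
    commas are ANDed, and separate lines are ORed."""
    if not selected_lines:
        return True  # nothing configured, nothing to enforce
    have = {u.strip().lower() for u in cert_usages}
    for line in selected_lines:
        need = {u.strip().lower() for u in line.split(",") if u.strip()}
        if need and need <= have:
            return True
    return False

def subject_names_ok(chain_subjects, permitted=(), excluded=()):
    """Permitted names: at least one must appear in the chain (OR).
    Excluded names: none may appear in the chain."""
    subjects = {norm_dn(s) for s in chain_subjects}
    if permitted and not subjects & {norm_dn(d) for d in permitted}:
        return False, "no permitted subject name in chain"
    hit = subjects & {norm_dn(d) for d in excluded}
    if hit:
        return False, "excluded subject name in chain: " + sorted(hit)[0]
    return True, "ok"

# Constructed sample values (hypothetical names, not from any real PKI).
CHAIN = [
    "CN=Alice,O=Example Corp,C=GB",
    "CN=Example Issuing CA,O=Example Corp,C=GB",
    "CN=Example Root CA,O=Example Corp,C=GB",
]
# Two displayed lines: (digitalSignature AND nonRepudiation) OR keyEncipherment
SELECTED_KEY_USAGES = ["digitalSignature, nonRepudiation", "keyEncipherment"]

if __name__ == "__main__":
    print(key_usage_ok(["digitalSignature"], SELECTED_KEY_USAGES))
    print(subject_names_ok(CHAIN, permitted=["CN=Example Issuing CA, O=Example Corp, C=GB"]))
```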

If you want the user to be able to set the value of an attribute in the request, check the relevant overridable checkbox. Clicking the Next button will display the Advanced Settings page.
