<html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">ACK On 09/25/14 09:19, Christina Fu wrote: </div> <blockquote cite="mid:5424408A.7050903@redhat.com" type="cite">This patch is for ticket: <a class="moz-txt-link-freetext" href="https://fedorahosted.org/pki/ticket/1110">https://fedorahosted.org/pki/ticket/1110</a> - pkispawn (configuration) does not provide CA extensions in subordinate certificate signing requests (CSR) It was agreed upon that this patch just needs to provide the bare essential to do the job without anything fancy. As a result, four new pkispawn configuration parameters are introduced with the following default: pki_req_ext_add=False pki_req_ext_oid=1.3.6.1.4.1.311.20.2 pki_req_ext_critical=False pki_req_ext_data=1E0A00530075006200430041 where pki_req_ext_add controls whether this extra request extension is to be added or not to the csr of a CA signing cert (by default it's False). It is available only for the "external CA" case, and only one such extension can be added. There is a potential that in the future we could make this extension available for all cert requests and in multiple. However, it is not a goal at this time for the purpose of this patch. When the need arises, we will file a separate ticket for it. Thanks, Christina <fieldset class="mimeAttachmentHeader"></fieldset> <pre wrap="">_______________________________________________ Pki-devel mailing list <a class="moz-txt-link-abbreviated" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a></pre> </blockquote> </body> </html>