<div dir="ltr">Hi JD,<div><br></div><div>Just did it and I could sign the certificate. Any idea how to verify (list) the new OID info from a base64 cert?</div><div>thx,</div><div>sp</div></div><div class="gmail_extra"><br>
<br><div class="gmail_quote">2014/1/22 Jindrich Dolezal <span dir="ltr"><<a href="mailto:jindrich.dolezal@adaptivemobile.com" target="_blank">jindrich.dolezal@adaptivemobile.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>hi,<br>
have you tried something like this:<br>
policyset.set1.p6.constraint.class_id=noConstraintImpl<br>
<a href="http://policyset.set1.p6.constraint.name" target="_blank">policyset.set1.p6.constraint.name</a>=No Constraint<br>
policyset.set1.p6.default.class_id=userExtensionDefaultImpl<br>
<a href="http://policyset.set1.p6.default.name" target="_blank">policyset.set1.p6.default.name</a>=User Supplied Key Usage Extension<br>
policyset.set1.p6.default.params.userExtOID=2.16.76.1.3.3<br>
<br>
jd<div><div class="h5"><br>
<br>
On 01/22/2014 11:41 AM, Sergio Pereira wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div class="h5">
<div dir="ltr">hi guys,
<div><br>
</div>
<div>I'm trying to create a certificate profile in a way to have
at the end a certificate with a special attributes (supplied
by the user through web enrollment form). I'm running dogtag
10.1 on Fedora 20...fresh install. I added a certificate
profile using pkiconsole but I'm struggling in how to find the
right Policies, Inputs and Outputs for the new profile. The
OID I intent to write to it is the 2.16.76.1.3.3 (country
specific OID). Here is my profile's config file:</div>
<div><br>
</div>
<div>auth.instance_id=</div>
<div>desc=UserCNPJ</div>
<div>enable=false</div>
<div>enableBy=admin</div>
<div>input.CNPJ.class_id=genericInputImpl</div>
<div><a href="http://input.CNPJ.name" target="_blank">input.CNPJ.name</a>=Generic
Input</div>
<div>input.CNPJ.params.gi_display_name0=Cadastro Nacional Pessoa
Juridica</div>
<div>input.CNPJ.params.gi_display_name1=</div>
<div>input.CNPJ.params.gi_display_name2=</div>
<div>input.CNPJ.params.gi_display_name3=</div>
<div>
input.CNPJ.params.gi_display_name4=</div>
<div>input.CNPJ.params.gi_param_enable0=true</div>
<div>input.CNPJ.params.gi_param_enable1=false</div>
<div>input.CNPJ.params.gi_param_enable2=false</div>
<div>input.CNPJ.params.gi_param_enable3=false</div>
<div>input.CNPJ.params.gi_param_enable4=false</div>
<div>input.CNPJ.params.gi_param_name0=cnpj</div>
<div>input.CNPJ.params.gi_param_name1=</div>
<div>input.CNPJ.params.gi_param_name2=</div>
<div>input.CNPJ.params.gi_param_name3=</div>
<div>input.CNPJ.params.gi_param_name4=</div>
<div>input.i1.class_id=keyGenInputImpl</div>
<div><a href="http://input.i1.name" target="_blank">input.i1.name</a>=Key
Generation Input</div>
<div>input.i2.class_id=subjectNameInputImpl</div>
<div>
<a href="http://input.i2.name" target="_blank">input.i2.name</a>=Subject
Name Input</div>
<div>input.i3.class_id=submitterInfoInputImpl</div>
<div><a href="http://input.i3.name" target="_blank">input.i3.name</a>=Submitter
Information Input</div>
<div>input.list=i1,i2,i3,CNPJ</div>
<div>input.params.gi_display_name0=Cadastro Nacional Pessoa
Juridica</div>
<div>input.params.gi_display_name1=</div>
<div>input.params.gi_display_name2=</div>
<div>input.params.gi_display_name3=</div>
<div>input.params.gi_display_name4=</div>
<div>input.params.gi_param_enable0=true</div>
<div>input.params.gi_param_enable1=false</div>
<div>input.params.gi_param_enable2=false</div>
<div>input.params.gi_param_enable3=false</div>
<div>input.params.gi_param_enable4=false</div>
<div>input.params.gi_param_name0=cnpj</div>
<div>input.params.gi_param_name1=</div>
<div>input.params.gi_param_name2=</div>
<div>input.params.gi_param_name3=</div>
<div>input.params.gi_param_name4=</div>
<div>lastModified=1390319210315</div>
<div>name=UserCNPJ</div>
<div>output.list=o1</div>
<div>output.o1.class_id=certOutputImpl</div>
<div><a href="http://output.o1.name" target="_blank">output.o1.name</a>=Certificate
Output</div>
<div>policyset.list=set1</div>
<div>policyset.set1.list=p1,p2,p3,p4,p5,p06</div>
<div>policyset.set1.p06.constraint.class_id=noConstraintImpl</div>
<div><a href="http://policyset.set1.p06.constraint.name" target="_blank">policyset.set1.p06.constraint.name</a>=No
Constraint</div>
<div>policyset.set1.p06.default.class_id=userExtensionDefaultImpl</div>
<div><a href="http://policyset.set1.p06.default.name" target="_blank">policyset.set1.p06.default.name</a>=User
Supplied Extension Default</div>
<div>policyset.set1.p06.default.params.userExtOID=Comment
Here...</div>
<div>policyset.set1.p1.constraint.class_id=noConstraintImpl</div>
<div><a href="http://policyset.set1.p1.constraint.name" target="_blank">policyset.set1.p1.constraint.name</a>=No
Constraint</div>
<div>policyset.set1.p1.default.class_id=userSubjectNameDefaultImpl</div>
<div><a href="http://policyset.set1.p1.default.name" target="_blank">policyset.set1.p1.default.name</a>=User
Supplied Subject Name Default</div>
<div>policyset.set1.p2.constraint.class_id=noConstraintImpl</div>
<div><a href="http://policyset.set1.p2.constraint.name" target="_blank">policyset.set1.p2.constraint.name</a>=No
Constraint</div>
<div>policyset.set1.p2.default.class_id=validityDefaultImpl</div>
<div><a href="http://policyset.set1.p2.default.name" target="_blank">policyset.set1.p2.default.name</a>=Validity
Default</div>
<div>policyset.set1.p2.default.params.range=180</div>
<div>policyset.set1.p2.default.params.startTime=0</div>
<div>
policyset.set1.p3.constraint.class_id=noConstraintImpl</div>
<div><a href="http://policyset.set1.p3.constraint.name" target="_blank">policyset.set1.p3.constraint.name</a>=No
Constraint</div>
<div>policyset.set1.p3.default.class_id=userKeyDefaultImpl</div>
<div><a href="http://policyset.set1.p3.default.name" target="_blank">policyset.set1.p3.default.name</a>=User
Supplied Key Default</div>
<div>policyset.set1.p3.default.params.keyMaxLength=4096</div>
<div>policyset.set1.p3.default.params.keyMinLength=512</div>
<div>policyset.set1.p3.default.params.keyType=RSA</div>
<div>policyset.set1.p4.constraint.class_id=noConstraintImpl</div>
<div><a href="http://policyset.set1.p4.constraint.name" target="_blank">policyset.set1.p4.constraint.name</a>=No
Constraint</div>
<div>policyset.set1.p4.default.class_id=signingAlgDefaultImpl</div>
<div><a href="http://policyset.set1.p4.default.name" target="_blank">policyset.set1.p4.default.name</a>=Signing
Algorithm Default</div>
<div>policyset.set1.p4.default.params.signingAlg=-</div>
<div>policyset.set1.p4.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,,SHA512withEC</div>
<div>policyset.set1.p5.constraint.class_id=noConstraintImpl</div>
<div><a href="http://policyset.set1.p5.constraint.name" target="_blank">policyset.set1.p5.constraint.name</a>=No
Constraint</div>
<div>policyset.set1.p5.default.class_id=keyUsageExtDefaultImpl</div>
<div><a href="http://policyset.set1.p5.default.name" target="_blank">policyset.set1.p5.default.name</a>=Key
Usage Extension Default</div>
<div>policyset.set1.p5.default.params.keyUsageCritical=true</div>
<div>policyset.set1.p5.default.params.keyUsageCrlSign=true</div>
<div>policyset.set1.p5.default.params.keyUsageDataEncipherment=true</div>
<div>policyset.set1.p5.default.params.keyUsageDecipherOnly=true</div>
<div>policyset.set1.p5.default.params.keyUsageDigitalSignature=true</div>
<div>policyset.set1.p5.default.params.keyUsageEncipherOnly=true</div>
<div>policyset.set1.p5.default.params.keyUsageKeyAgreement=true</div>
<div>policyset.set1.p5.default.params.keyUsageKeyCertSign=true</div>
<div>policyset.set1.p5.default.params.keyUsageKeyEncipherment=true</div>
<div>policyset.set1.p5.default.params.keyUsageNonRepudiation=true</div>
<div>visible=true</div>
<div> </div>
<div>thx in advance,</div>
<div>sergio</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
Pki-users mailing list
<a href="mailto:Pki-users@redhat.com" target="_blank">Pki-users@redhat.com</a>
<a href="https://www.redhat.com/mailman/listinfo/pki-users" target="_blank">https://www.redhat.com/mailman/listinfo/pki-users</a></pre>
</blockquote>
<br>
<p></pre>****************************************************************************************<br>This email and any files transmitted with are confidential and intended solely for the<br>use of the individual or entity to whom they are addressed. If you have received this<br>email in error then please delete it and notify the sender. Do not make a copy or forward<br>it to anyone. This footnote also confirms that this email message has been swept for the<br>presence of computer viruses.<br><br>Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland<br>Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK).<br>Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O<br>****************************************************************************************</pre></p>
</div>
<br>_______________________________________________<br>
Pki-users mailing list<br>
<a href="mailto:Pki-users@redhat.com">Pki-users@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/pki-users" target="_blank">https://www.redhat.com/mailman/listinfo/pki-users</a><br></blockquote></div><br></div>