<div dir="ltr"><div><div>Thanks. The problem is that I have to specify multiple entries, and this is when things go weird.<br><br>policyset.serverCertSet.5.constraint.class_id=noConstraintImpl<br>policyset.serverCertSet.5.constraint.name=No Constraint<br>policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl<br>policyset.serverCertSet.5.default.name=AIA Extension Default<br>policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true<br>policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName<br>policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=<br>policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1<br>policyset.serverCertSet.5.default.params.authInfoAccessCritical=false<br><br>policyset.serverCertSet.5.default.params.authInfoAccessADEnable_1=true<br>policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_1=URI<br>policyset.serverCertSet.5.default.params.authInfoAccessADLocation_1=<a href="http://server1/cert1.crt">http://server1/cert1.crt</a><br>policyset.serverCertSet.5.default.params.authInfoAccessADMethod_1=1.3.6.1.5.5.7.48.2<br><br>policyset.serverCertSet.5.default.params.authInfoAccessADEnable_2=true<br>policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_2=URI<br>policyset.serverCertSet.5.default.params.authInfoAccessADLocation_2=<a href="http://server2/cert2.crt">http://server2/cert2.crt</a><br>policyset.serverCertSet.5.default.params.authInfoAccessADMethod_2=1.3.6.1.5.5.7.48.2<br><br>policyset.serverCertSet.5.default.params.authInfoAccessADEnable_3=true<br>policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_3=URI<br>policyset.serverCertSet.5.default.params.authInfoAccessADLocation_3=ldap:///CN=someconnectionstring<br>policyset.serverCertSet.5.default.params.authInfoAccessADMethod_3=1.3.6.1.5.5.7.48.2<br><br>policyset.serverCertSet.5.default.params.authInfoAccessCritical=false<br>policyset.serverCertSet.5.default.params.authInfoAccessNumADs=4<br><br><br></div>What happens in dogtag is that the first field is filled out with values, but there are empty records following like so:<br><br><br>Record #0<br>Method:1.3.6.1.5.5.7.48.1<br>Location Type:URIName<br>Location:<a href="http://dogtaginstance:8080/ca/ocsp">http://dogtaginstance:8080/ca/ocsp</a><br>Enable:true<br><br>Record #1<br>Method:<br>Location Type:<br>Location:<br>Enable:false<br><br>Record #2<br>Method:<br>Location Type:<br>Location:<br>Enable:false<br><br>Record #3<br>Method:<br>Location Type:<br>Location:<br>Enable:false<br><br></div>And I have to fill them out manually. Then the fields get passed to the certificate. What could possibly be wrong here?<br></div><div class="gmail_extra"><br><div class="gmail_quote">2016-01-14 19:36 GMT+01:00 John Magne <span dir="ltr">&lt;<a href="mailto:jmagne@redhat.com" target="_blank">jmagne@redhat.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Here is an example in the file we ship DomainController.cfg<br>
There are others in the directory /var/lib/pki/pki-tomcat/ca/profiles/ca if you need more:<br>
<br>
policyset.set1.5.default.class_id=authInfoAccessExtDefaultImpl<br>
policyset.set1.5.default.name=AIA Extension Default<br>
policyset.set1.5.default.params.authInfoAccessADEnable_0=true<br>
policyset.set1.5.default.params.authInfoAccessADLocationType_0=URIName<br>
policyset.set1.5.default.params.authInfoAccessADLocation_0=<a href="http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit" rel="noreferrer" target="_blank">http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit</a><br>
policyset.set1.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.2<br>
policyset.set1.5.default.params.authInfoAccessCritical=false<br>
policyset.set1.5.default.params.authInfoAccessNumADs=1<br>
<div><div class="h5"><br>
<br>
<br>
----- Original Message -----<br>
> From: "marcin kowalski" &lt;<a href="mailto:yoshi314@gmail.com">yoshi314@gmail.com</a>&gt;<br>
> To: <a href="mailto:pki-users@redhat.com">pki-users@redhat.com</a><br>
> Sent: Thursday, January 14, 2016 5:00:56 AM<br>
> Subject: [Pki-users] [dogtag] CA Issuers fields in authinfoaccess extension   - how?<br>
><br>
> Hi all; I am running a subordinate ca dogtag instance, and I would like to<br>
> copy AuthInfoExtension fields from the master ca cert into final<br>
> certificates signed in dogtag<br>
><br>
> I am struggling to add a few caIssuers fields to authInfoExtension fields in<br>
> issued certificates<br>
><br>
> the fields in question are to be like so (from openssl output of the master<br>
> ca certificate)<br>
><br>
> CA Issuers - URI: <a href="http://server/name.crt" rel="noreferrer" target="_blank">http://server/name.crt</a><br>
> CA Issuers - URI: <a href="http://backupserver/name.crt" rel="noreferrer" target="_blank">http://backupserver/name.crt</a><br>
><br>
><br>
> Are there any examples out there so that I can figure this out?<br>
><br>
</div></div>
</blockquote></div><br></div>
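A consistency check for the indexed AIA parameters discussed in this thread, as an added example that is not part of the original messages and not Dogtag's own code. It assumes the key names shown in the posts; the reference location type "URIName" is simply the value used in the shipped profile quoted above, and the sample profile text is constructed.

```python
import re
from collections import Counter

FIELDS = ("Enable", "LocationType", "Location", "Method")
PARAM = re.compile(r"\.params\.authInfoAccessAD(Enable|LocationType|Location|Method)_(\d+)$")

# Constructed sample modelled on the profile in the thread (not a real deployment).
P = "policyset.serverCertSet.5.default.params.authInfoAccess"
SAMPLE = "\n".join(P + s for s in [
    "ADEnable_0=true", "ADLocationType_0=URIName", "ADLocation_0=",
    "ADMethod_0=1.3.6.1.5.5.7.48.1", "Critical=false",
    "ADEnable_1=true", "ADLocationType_1=URI",
    "ADLocation_1=http://server1/cert1.crt", "ADMethod_1=1.3.6.1.5.5.7.48.2",
    "ADEnable_2=true", "ADLocation_2=http://server2/cert2.crt",  # type and method omitted
    "Critical=false", "NumADs=3",
])

def lint_aia(text, reference_type="URIName"):
    """Return findings for the AIA default parameters in profile text."""
    pairs = [tuple(s.strip() for s in line.split("=", 1))
             for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#")]
    counts = Counter(key for key, _ in pairs)
    findings = [f"duplicate key: {k}" for k, n in counts.items() if n > 1]
    entries, num_ads = {}, None
    for key, value in pairs:
        if key.endswith(".params.authInfoAccessNumADs"):
            num_ads = int(value)
        m = PARAM.search(key)
        if m:
            entries.setdefault(int(m.group(2)), {})[m.group(1)] = value
    if num_ads is None:
        return findings + ["authInfoAccessNumADs is not set"]
    for i in range(num_ads):  # every counted record needs all four keys
        missing = [f for f in FIELDS if f not in entries.get(i, {})]
        if missing:
            findings.append(f"record {i}: missing {', '.join(missing)}")
    for i in sorted(entries):
        if i >= num_ads:  # defined, but outside the declared count
            findings.append(f"record {i}: defined but authInfoAccessNumADs={num_ads}")
        loc_type = entries[i].get("LocationType")
        if loc_type and loc_type != reference_type:  # differs from the shipped example
            findings.append(f"record {i}: LocationType {loc_type!r} differs from {reference_type!r}")
    return findings

if __name__ == "__main__":
    for finding in lint_aia(SAMPLE):
        print(finding)
```

A finding about the location type only says the value differs from the one in the shipped profile; whether that value is accepted is for the Dogtag documentation to confirm.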