<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi, thanks for your answer<div><br></div><div><div>- in the profile, that policyset.caCertSet.list has p7                <b>DONE</b></div><div><div>- the CA was restarted after the custom profile changes       <b>DONE</b></div></div><div>- debug log   <b>DONE?</b></div><div><div>[24/Apr/2019:12:45:33][http-bio-8443-exec-1]: RequestProcessor: profileId=caClase1</div><div>[24/Apr/2019:12:46:29][localhost-startStop-1]: Start Profile Creation - caClase1 caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile</div><div>[24/Apr/2019:12:46:29][localhost-startStop-1]: Done Profile Creation - caClase1</div><div>[24/Apr/2019:12:46:29][localhost-startStop-1]: Registered Confirmation - caClase1</div></div><div><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><br></div><div>Also looked for more logs...</div><div>I see and XML section for some reason i see this in the XML</div><div><description>This default populates a Certificate Policies Extension to the request. The default values are Criticality=true, {PoliciesExt.num:1,{Enable:true,Policy Id:1.3.6.1.4.1.6.1.1.1.1,PolicyQualifiers.num:,{CPSuri Enable:true,UserNotice Enable:true,UserNoticeReference Organization:Company text Here,UserNoticeReference Numbers:1,UserNoticeReference Explicit Text:Some Text Here,CPS uri:<a href="http://url.com/}}">http://url.com/}}</a>}</description><br></div><div><br></div><div><b>BUTTTTT, if i go down in the file i see</b></div><div><div>PoliciesExt.certPolicy0.enable:true&#xD;</div><div>PoliciesExt.certPolicy0.policyId:1.3.6.1.4.1.6.1.1.1.1&#xD;</div><div>PoliciesExt.certPolicy0.PolicyQualifiers.num:1&#xD;</div><div>PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable:true&#xD;</div><div>PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value:<a href="http://url.com/&#xD">http://url.com/&#xD</a>;</div><div>PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable:<b>false</b>&#xD;</div><div>PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization:&#xD;</div><div>PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers:&#xD;</div><div>PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value:&#xD;</div></div><div><br></div><div><b>The last 3 lines are EMPTY.</b></div><div><br></div><div><br></div><div><table style="border-spacing:0px;border-collapse:collapse;color:rgb(51,51,51);line-height:1.4;font-family:"Lucida Console",Monaco,monospace;font-size:10.4px"><tbody><tr><td valign="top" style="padding:0px 12px 0px 0px"><img src="https://mysignature.io/images/photos/305145143e15ed99571bf9733bfd8475.jpg" style="border: 0px; vertical-align: middle; width: 100px; border-radius: 0%;"></td><td valign="top" style="padding:0px 0px 0px 12px;font-size:1em;font-family:"Lucida Console",Monaco,monospace;border-left:1px solid rgb(61,133,198)"><div><span style="font-weight:600;font-size:1.5em;color:rgb(61,133,198)">Jonathan Montero</span></div><div style="line-height:1em"> </div><div>IT Professional | IT Trainer</div><div><div><span style="font-weight:600;color:rgb(61,133,198)">M:</span> <a href="tel:809-609-3003" style="background-color:transparent;color:rgb(0,0,0)" target="_blank">809-609-3003</a></div><div><span style="font-weight:600;color:rgb(61,133,198)">S:</span> <a style="background-color:transparent;color:rgb(0,0,0)">tuxmontero</a></div><div><span style="font-weight:600;font-size:1em;color:rgb(61,133,198)">E:</span> <a href="mailto:jmrxto@gmail.com" style="background-color:transparent;color:rgb(0,0,0)" target="_blank">jmrxto@gmail.com</a></div><div><span style="font-weight:600;color:rgb(61,133,198)">A: </span>Santo Domingo, DR</div></div><div style="line-height:1em"> </div><div><a href="http://jonathanmontero.com/" style="background-color:transparent;color:rgb(61,133,198)" target="_blank">jonathanmontero.com</a></div><div style="line-height:1em"> </div><table style="border-spacing:0px;border-collapse:collapse;background-color:transparent"><tbody><tr><td style="padding:0px;font-family:Arial"><a href="https://www.linkedin.com/in/monterojonathan" style="background-color:transparent;color:rgb(51,122,183);line-height:0;margin:0px 5px 0px 0px;display:inline-block;padding:0px" target="_blank"><img width="27px" src="https://mysignature.io/images/socials/89d70f7d4de8478ad2b7119b7e8477d1.png" style="border: 0px; vertical-align: middle;"></a><a href="https://twitter.com/tuxmontero" style="background-color:transparent;color:rgb(51,122,183);line-height:0;margin:0px 5px 0px 0px;display:inline-block;padding:0px" target="_blank"><img width="27px" src="https://mysignature.io/images/socials/dc706095d52a25f1f36c1012c67e93a2.png" style="border: 0px; vertical-align: middle;"></a><a href="https://www.facebook.com/jmrxto" style="background-color:transparent;color:rgb(51,122,183);line-height:0;margin:0px 5px 0px 0px;display:inline-block;padding:0px" target="_blank"><img width="27px" src="https://mysignature.io/images/socials/a6f0bf723e5819f4e3fa70e5c44121c0.png" style="border: 0px; vertical-align: middle;"></a><a href="https://github.com/tuxmontero" style="background-color:transparent;color:rgb(51,122,183);line-height:0;margin:0px 5px 0px 0px;display:inline-block;padding:0px" target="_blank"><img width="27px" src="https://mysignature.io/images/socials/898785292fefff9ccce988a5cf544d23.png" style="border: 0px; vertical-align: middle;"></a></td></tr></tbody></table></td></tr></tbody></table></div><div><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><br></div></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Apr 24, 2019 at 12:26 PM Marc Sauton <<a href="mailto:msauton@redhat.com">msauton@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">make sure:<div>- in the profile, that policyset.caCertSet.list has p7</div><div>- the CA was restarted after the custom profile changes</div><div>- a review of the CA debug log, the profile you modified should be listed after a restart as, for example:</div><div><div>[14/Feb/2019:00:30:49][localhost-startStop-1]: added plugin profile caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate Authority Server Certificate Enrollment Profile com.netscape.cms.profile.common.ServerCertCAEnrollProfile</div><div>[14/Feb/2019:00:31:43][localhost-startStop-1]: added plugin profile caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate Authority Server Certificate Enrollment Profile com.netscape.cms.profile.common.ServerCertCAEnrollProfile</div><div>[14/Feb/2019:00:31:45][localhost-startStop-1]: Start Profile Creation - caServerCert caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile</div><div>[14/Feb/2019:00:31:45][localhost-startStop-1]: Done Profile Creation - caServerCert</div><div>[14/Feb/2019:00:31:45][localhost-startStop-1]: Registered Confirmation - caServerCert</div></div><div>and between the "Start" and "Done", there should be the details of the profile, with string "BasicProfile: createProfilePolicy" and more info</div><div>- review the same debug log after enrollment, for more details.</div><div>Thanks,</div><div>Marc S.</div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 23, 2019 at 9:23 PM Jonathan Montero <<a href="mailto:jmrxto@gmail.com" target="_blank">jmrxto@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi, I'm having an issue regarding the certificates policies.<div><br></div><div>It is as follows...</div><div><div>policyset.caCertSet.p7.constraint.class_id=noConstraintImpl</div><div><a href="http://policyset.caCertSet.p7.constraint.name" target="_blank">policyset.caCertSet.p7.constraint.name</a>=No Constraint</div><div>policyset.caCertSet.p7.default.class_id=certificatePoliciesExtDefaultImpl</div><div><a href="http://policyset.caCertSet.p7.default.name" target="_blank">policyset.caCertSet.p7.default.name</a>=Certificate Policies Extension Default</div><div>policyset.caCertSet.p7.default.params.Critical=true</div><div>policyset.caCertSet.p7.default.params.PoliciesExt.num=1</div><div>policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.enable=true</div><div>policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1</div><div>policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true</div><div>policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=<a href="http://url.com/" target="_blank">http://url.com/</a></div><div>policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=true</div><div>policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=Some Text Here</div><div>policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=1</div><div>policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=Company text Here</div></div><div><br></div><div><br></div><div>So, with this configuration i got not all the result i want, don't know why....</div><div><br></div><div>i obtain </div><div>policyId=1.3.6.1.4.1.6.1.1.1.1</div><div><br></div><div>Also</div><div>CPSURI.value=<a href="http://url.com/" target="_blank">http://url.com/</a></div><div><br></div><div>But can't get the explicitText.value and organization...</div><div><br></div><div>For some reason, those 2 latter options don't appear in the certificate.</div><div><br></div><div>What could this be?</div><div><br></div><div><br clear="all"><div><div dir="ltr" class="gmail-m_-3638791967618670973gmail-m_-57549223883408313gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><br></div><div><br></div><div><table style="border-spacing:0px;border-collapse:collapse;color:rgb(51,51,51);line-height:1.4;font-family:"Lucida Console",Monaco,monospace;font-size:10.4px"><tbody><tr><td valign="top" style="padding:0px 12px 0px 0px"><img src="https://mysignature.io/images/photos/305145143e15ed99571bf9733bfd8475.jpg" style="border: 0px; vertical-align: middle; width: 100px; border-radius: 0%;"></td><td valign="top" style="padding:0px 0px 0px 12px;font-size:1em;font-family:"Lucida Console",Monaco,monospace;border-left:1px solid rgb(61,133,198)"><div><span style="font-weight:600;font-size:1.5em;color:rgb(61,133,198)">Jonathan Montero</span></div><div style="line-height:1em"> </div><div>IT Professional | IT Trainer</div><div><div><span style="font-weight:600;color:rgb(61,133,198)">M:</span> <a href="tel:809-609-3003" style="background-color:transparent;color:rgb(0,0,0)" target="_blank">809-609-3003</a></div><div><span style="font-weight:600;color:rgb(61,133,198)">S:</span> <a style="background-color:transparent;color:rgb(0,0,0)">tuxmontero</a></div><div><span style="font-weight:600;font-size:1em;color:rgb(61,133,198)">E:</span> <a href="mailto:jmrxto@gmail.com" style="background-color:transparent;color:rgb(0,0,0)" target="_blank">jmrxto@gmail.com</a></div><div><span style="font-weight:600;color:rgb(61,133,198)">A: </span>Santo Domingo, DR</div></div><div style="line-height:1em"> </div><div><a href="http://jonathanmontero.com/" style="background-color:transparent;color:rgb(61,133,198)" target="_blank">jonathanmontero.com</a></div><div style="line-height:1em"> </div><table style="border-spacing:0px;border-collapse:collapse;background-color:transparent"><tbody><tr><td style="padding:0px;font-family:Arial"><a href="https://www.linkedin.com/in/monterojonathan" style="background-color:transparent;color:rgb(51,122,183);line-height:0;margin:0px 5px 0px 0px;display:inline-block;padding:0px" target="_blank"><img width="27px" src="https://mysignature.io/images/socials/89d70f7d4de8478ad2b7119b7e8477d1.png" style="border: 0px; vertical-align: middle;"></a><a href="https://twitter.com/tuxmontero" style="background-color:transparent;color:rgb(51,122,183);line-height:0;margin:0px 5px 0px 0px;display:inline-block;padding:0px" target="_blank"><img width="27px" src="https://mysignature.io/images/socials/dc706095d52a25f1f36c1012c67e93a2.png" style="border: 0px; vertical-align: middle;"></a><a href="https://www.facebook.com/jmrxto" style="background-color:transparent;color:rgb(51,122,183);line-height:0;margin:0px 5px 0px 0px;display:inline-block;padding:0px" target="_blank"><img width="27px" src="https://mysignature.io/images/socials/a6f0bf723e5819f4e3fa70e5c44121c0.png" style="border: 0px; vertical-align: middle;"></a><a href="https://github.com/tuxmontero" style="background-color:transparent;color:rgb(51,122,183);line-height:0;margin:0px 5px 0px 0px;display:inline-block;padding:0px" target="_blank"><img width="27px" src="https://mysignature.io/images/socials/898785292fefff9ccce988a5cf544d23.png" style="border: 0px; vertical-align: middle;"></a></td></tr></tbody></table></td></tr></tbody></table></div><div><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
_______________________________________________<br>
Pki-users mailing list<br>
<a href="mailto:Pki-users@redhat.com" target="_blank">Pki-users@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/pki-users" rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/pki-users</a></blockquote></div>
</blockquote></div>