[Pki-users] Modify Certificate Profies
Christina Fu
cfu at redhat.com
Wed Apr 9 19:10:20 UTC 2008
Profiles can be configured in <Dogtag install root>/profiles/ca. If you
add your own new profiles, you need to modify <Dogtag install
root>//conf/CS.cfg "profile.list" to contain the new profile name, and
add the corresponding "class_id" and "config" (see the existing entries
in CS.cfg as example), and restart the CA.
In addition, Dogtag provides flexible plugin infrastructure that allows
people to customize various areas. Profile is one of them.
The standard profile related polugins code is in
pki/base/common/src/com/netscape/cms/profile/. That's for advanced
users who know what they are doing. Make sure the certs produced still
comply.
hope this helps.
Christina
Chris wrote:
>
> Sorry, hit the send by mistake....
>
> I've succesfully installed Dogtag. The documentation was clear and I
> didn't have any issues.
>
> My question is in regards to customizing certificate profiles. In the
> current CA environment I manager, I deal with customizing profiles. Is
> there a way to create customized certificate profiles?
>
> The fields which apply are:
>
> CertificatePolicies
> - Policy Identifier
> - User Notice with custom text
> ExtendedKeyUsage
> - New Key Usage OID
>
>
> Also, in one profile, we've created a new field that programically
> ties to the EKU
>
> On our current CA software, a config file is modified to customize
> profiles. Also there is some DER encoding required to convert the
> appropriate text.
>
> Is this feature available?
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
More information about the Pki-users
mailing list