[Pki-users] Modify Certificate Profiles - include SubjectAltName

Ebbe Hansen ehansen at spyrus.com
Wed Apr 30 16:57:50 UTC 2008


Looking at the 'CAUserCert.cfg' profile (first profile on the WEB Agent
profile-list) it appears it should trigger the inclusion of the
"SubjectAltName" extension. I have not been successful generating any
certificates where the SubjectAltName extension is included!

In the Agents display the SubjectAltName is listed as 'Null' - even after
editing the 'Null' to the desired RFC822 value, the issued certificate
always comes without any SubjectAltName extension?

What can I do to get the CA to include the SubjectAltName extension? I am
always specifying an email value in the request field!

Ebbe

  _____  

From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] On
Behalf Of Chris
Sent: Wednesday, April 09, 2008 10:10 PM
To: pki-users at redhat.com
Subject: Re: [Pki-users] Modify Certificate Profiles

Thanks. That worked. 

On Wed, Apr 9, 2008 at 12:10 PM, Christina Fu <cfu at redhat.com> wrote:

Profiles can be configured in <Dogtag install root>/profiles/ca.  If you add
your own new profiles, you need to modify <Dogtag install root>//conf/CS.cfg
"profile.list" to contain the new profile name, and add the corresponding
"class_id" and "config" (see the existing entries in CS.cfg as example), and
restart the CA.

In addition, Dogtag provides flexible plugin infrastructure that allows
people to customize various areas.  Profile is one of them.
The standard profile related plugins code is in
pki/base/common/src/com/netscape/cms/profile/.  That's for advanced users
who know what they are doing.  Make sure the certs produced still comply.

hope this helps.
Christina

Chris wrote:


Sorry, hit the send by mistake....

I've successfully installed Dogtag. The documentation was clear and I didn't
have any issues.
 My question is in regards to customizing certificate profiles. In the
current CA environment I manage, I deal with customizing profiles. Is there
a way to create customized certificate profiles?
 The fields which apply are:
 CertificatePolicies
 - Policy Identifier
 - User Notice with custom text
ExtendedKeyUsage
 - New Key Usage OID
  Also, in one profile, we've created a new field that programmatically ties to
the EKU

On our current CA software, a config file is modified to customize profiles.
Also there is some DER encoding required to convert the appropriate text.

Is this feature available?

------------------------------------------------------------------------

_______________________________________________
Pki-users mailing list
Pki-users at redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
 

