[Pki-users] Token Cert Profile Question
Jack Magne
jmagne at redhat.com
Tue Jan 20 00:48:35 UTC 2009
Sean:
Yes, we have a profile for each cert.
If you look in the CS.cfg in /var/lib/pki-tps/conf, you will see that
for each type of token (ie userKey), there is a list of key "types" that
are generated.
For an example of 3 types look for the string:
op.enroll.soKeyTemporary.keyGen.keyType.num=3
The subsequent lines show how a 3rd auth cert is generated.
Veale, Sean wrote:
> I currently have a CS setup where using Gemalto tokens, I can see that
> an signing and encryption certs are written to the card. What
> profile(s) in the /var/lib/<ca instance>/profile directory is used to
> generate the certs in a default dogtag setup?
>
> I noticed there is both a caTokenUserEncryptionKeyEnrollment.cfg and
> caTokenUserSigningLeyEnrollment.cfg profiles in the directory that
> seem to correspond to each of the certs created on the token. That is
> a bit odd to me as I though it usually was one profile that would have
> multiple policysets to handle 2 certs not a seperate profile for each?
>
> The basic question is I'd like to modify the configuration so a third
> cert is created on the card (to be used for authentication) beyond the
> email signing and encryption certs. Anyone know how to do that?
>
> Thanks
> Sean
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3237 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/pki-users/attachments/20090119/b3254a13/attachment.bin>
More information about the Pki-users
mailing list