[Pki-users] Token Cert Profile Question

Veale, Sean sean.veale at gdc4s.com
Thu Jan 22 22:02:12 UTC 2009


Thanks. 

Where is it specified which type of token to use in the enrollment process?

Thanks
Sean 

-----Original Message-----
From: Jack Magne [mailto:jmagne at redhat.com] 
Sent: Monday, January 19, 2009 7:49 PM
To: Veale, Sean
Cc: pki-users at redhat.com
Subject: Re: [Pki-users] Token Cert Profile Question

Sean:

Yes, we have a profile for each cert.


If you look in the CS.cfg in /var/lib/pki-tps/conf, you will see that for
each type of token (i.e. userKey), there is a list of key "types" that are
generated.

For an example of 3 types look for the string:

op.enroll.soKeyTemporary.keyGen.keyType.num=3

The subsequent lines show how a 3rd auth cert is generated.

Veale, Sean wrote:
> I currently have a CS setup where using Gemalto tokens, I can see that 
> signing and encryption certs are written to the card. What
> profile(s) in the /var/lib/<ca instance>/profile directory is used to 
> generate the certs in a default dogtag setup?
>  
> I noticed there are both caTokenUserEncryptionKeyEnrollment.cfg and 
> caTokenUserSigningKeyEnrollment.cfg profiles in the directory that 
> seem to correspond to each of the certs created on the token. That is 
> a bit odd to me as I thought it usually was one profile that would have 
> multiple policysets to handle 2 certs, not a separate profile for each?
>  
> The basic question is I'd like to modify the configuration so a third 
> cert is created on the card (to be used for authentication) beyond the 
> email signing and encryption certs. Anyone know how to do that?
>
> Thanks
> Sean