[Pki-users] Questions on customizing certificate profiles
Chandrasekar Kannan
ckannan at redhat.com
Fri Apr 9 00:13:31 UTC 2010
On 04/08/2010 04:52 PM, Arshad Noor wrote:
> However, when I did modify the *.cfg files in the profiles/ca
> directory to customize the extensions, none of the changes were
> picked up.
For the CA, You would need to edit the conf/*.profile files. restart the
instance. Go through the wizard and see if your customization's
show up.
IIRC this should work.
--Chandra
> I've only focused on the SHA-2 issue because that
> seemed to be symptomatic of the underlying problem - but the
> real problem is that the entire certificate is not customizable
> in the installation process.
>
> Or, are you suggesting that with the fix compiled in, all the
> profile changes will get included too?
>
> Arshad Noor
> StrongAuth, Inc.
>
> Chandrasekar Kannan wrote:
>> On 04/08/2010 04:33 PM, Arshad Noor wrote:
>>>
>>> However, to follow up on the other issue - the documentation
>>> on RHBA-2009-1602 suggests that only the SHA-2 algorithm issue
>>> can be fixed. Am I still stuck with the renewal method to get
>>> the other certificate extensions fixed - the keyUsages, AIA,
>>> OCSPNoCheck, etc?
>>
>> I don't think so. You should be able to get those customized
>> by editing those profile config files in question before going
>> through the wizard. Sha-2 was a bit hard-coded IIRC , hence it
>> required code changes.
More information about the Pki-users
mailing list