[Pki-users] Add info to a new OID

Sergio Pereira shopereira at gmail.com
Wed Jan 22 13:37:50 UTC 2014 

nope ... I see the x509 format certificate but can't see the new OID info.
What I also did was to import the cert to a browser and checked the cert's
details and also there is no new OID in it.
sp


2014/1/22 Jindrich Dolezal <jindrich.dolezal at adaptivemobile.com>

>
> what about openssl x509 -in certificate.crt -text
>
>
> On 01/22/2014 01:07 PM, Sergio Pereira wrote:
>
> Hi JD,
>
>  Just did it and I could sign the certificate. Any idea how to verify
> (list) the new OID info from a base64 cert?
> thx,
> sp
>
>
> 2014/1/22 Jindrich Dolezal <jindrich.dolezal at adaptivemobile.com>
>
>>  hi,
>> have you tried something like this:
>> policyset.set1.p6.constraint.class_id=noConstraintImpl
>> policyset.set1.p6.constraint.name=No Constraint
>> policyset.set1.p6.default.class_id=userExtensionDefaultImpl
>> policyset.set1.p6.default.name=User Supplied Key Usage Extension
>> policyset.set1.p6.default.params.userExtOID=2.16.76.1.3.3
>>
>> jd
>>
>>
>> On 01/22/2014 11:41 AM, Sergio Pereira wrote:
>>
>>  hi guys,
>>
>>  I'm trying to create a certificate profile in a way to have at the end
>> a certificate with a special attributes (supplied by the user through web
>> enrollment form). I'm running dogtag 10.1 on Fedora 20...fresh install. I
>> added a certificate profile using pkiconsole but I'm struggling in how to
>> find the right Policies, Inputs and Outputs for the new profile. The OID I
>> intent to write to it is the 2.16.76.1.3.3 (country specific OID). Here is
>> my profile's config file:
>>
>>  auth.instance_id=
>> desc=UserCNPJ
>> enable=false
>> enableBy=admin
>> input.CNPJ.class_id=genericInputImpl
>> input.CNPJ.name=Generic Input
>> input.CNPJ.params.gi_display_name0=Cadastro Nacional Pessoa Juridica
>> input.CNPJ.params.gi_display_name1=
>> input.CNPJ.params.gi_display_name2=
>> input.CNPJ.params.gi_display_name3=
>>  input.CNPJ.params.gi_display_name4=
>> input.CNPJ.params.gi_param_enable0=true
>> input.CNPJ.params.gi_param_enable1=false
>> input.CNPJ.params.gi_param_enable2=false
>> input.CNPJ.params.gi_param_enable3=false
>> input.CNPJ.params.gi_param_enable4=false
>> input.CNPJ.params.gi_param_name0=cnpj
>> input.CNPJ.params.gi_param_name1=
>> input.CNPJ.params.gi_param_name2=
>> input.CNPJ.params.gi_param_name3=
>> input.CNPJ.params.gi_param_name4=
>> input.i1.class_id=keyGenInputImpl
>> input.i1.name=Key Generation Input
>> input.i2.class_id=subjectNameInputImpl
>>  input.i2.name=Subject Name Input
>> input.i3.class_id=submitterInfoInputImpl
>> input.i3.name=Submitter Information Input
>> input.list=i1,i2,i3,CNPJ
>> input.params.gi_display_name0=Cadastro Nacional Pessoa Juridica
>> input.params.gi_display_name1=
>> input.params.gi_display_name2=
>> input.params.gi_display_name3=
>> input.params.gi_display_name4=
>> input.params.gi_param_enable0=true
>> input.params.gi_param_enable1=false
>> input.params.gi_param_enable2=false
>> input.params.gi_param_enable3=false
>> input.params.gi_param_enable4=false
>> input.params.gi_param_name0=cnpj
>> input.params.gi_param_name1=
>> input.params.gi_param_name2=
>> input.params.gi_param_name3=
>> input.params.gi_param_name4=
>> lastModified=1390319210315
>> name=UserCNPJ
>> output.list=o1
>> output.o1.class_id=certOutputImpl
>> output.o1.name=Certificate Output
>> policyset.list=set1
>> policyset.set1.list=p1,p2,p3,p4,p5,p06
>> policyset.set1.p06.constraint.class_id=noConstraintImpl
>> policyset.set1.p06.constraint.name=No Constraint
>> policyset.set1.p06.default.class_id=userExtensionDefaultImpl
>> policyset.set1.p06.default.name=User Supplied Extension Default
>> policyset.set1.p06.default.params.userExtOID=Comment Here...
>> policyset.set1.p1.constraint.class_id=noConstraintImpl
>> policyset.set1.p1.constraint.name=No Constraint
>> policyset.set1.p1.default.class_id=userSubjectNameDefaultImpl
>> policyset.set1.p1.default.name=User Supplied Subject Name Default
>> policyset.set1.p2.constraint.class_id=noConstraintImpl
>> policyset.set1.p2.constraint.name=No Constraint
>> policyset.set1.p2.default.class_id=validityDefaultImpl
>> policyset.set1.p2.default.name=Validity Default
>> policyset.set1.p2.default.params.range=180
>> policyset.set1.p2.default.params.startTime=0
>>  policyset.set1.p3.constraint.class_id=noConstraintImpl
>> policyset.set1.p3.constraint.name=No Constraint
>> policyset.set1.p3.default.class_id=userKeyDefaultImpl
>> policyset.set1.p3.default.name=User Supplied Key Default
>> policyset.set1.p3.default.params.keyMaxLength=4096
>> policyset.set1.p3.default.params.keyMinLength=512
>> policyset.set1.p3.default.params.keyType=RSA
>> policyset.set1.p4.constraint.class_id=noConstraintImpl
>> policyset.set1.p4.constraint.name=No Constraint
>> policyset.set1.p4.default.class_id=signingAlgDefaultImpl
>> policyset.set1.p4.default.name=Signing Algorithm Default
>> policyset.set1.p4.default.params.signingAlg=-
>>
>> policyset.set1.p4.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,,SHA512withEC
>> policyset.set1.p5.constraint.class_id=noConstraintImpl
>> policyset.set1.p5.constraint.name=No Constraint
>> policyset.set1.p5.default.class_id=keyUsageExtDefaultImpl
>> policyset.set1.p5.default.name=Key Usage Extension Default
>> policyset.set1.p5.default.params.keyUsageCritical=true
>> policyset.set1.p5.default.params.keyUsageCrlSign=true
>> policyset.set1.p5.default.params.keyUsageDataEncipherment=true
>> policyset.set1.p5.default.params.keyUsageDecipherOnly=true
>> policyset.set1.p5.default.params.keyUsageDigitalSignature=true
>> policyset.set1.p5.default.params.keyUsageEncipherOnly=true
>> policyset.set1.p5.default.params.keyUsageKeyAgreement=true
>> policyset.set1.p5.default.params.keyUsageKeyCertSign=true
>> policyset.set1.p5.default.params.keyUsageKeyEncipherment=true
>> policyset.set1.p5.default.params.keyUsageNonRepudiation=true
>> visible=true
>>
>> thx in advance,
>> sergio
>>
>>
>>  _______________________________________________
>> Pki-users mailing listPki-users at redhat.comhttps://www.redhat.com/mailman/listinfo/pki-users
>>
>>
>> </pre>****************************************************************************************<br>This
>> email and any files transmitted with are confidential and intended solely
>> for the<br>use of the individual or entity to whom they are addressed.  If
>> you have received this<br>email in error then please delete it and notify
>> the sender. Do not make a copy or forward<br>it to anyone.  This footnote
>> also confirms that this email message has been swept for the<br>presence of
>> computer viruses.<br><br>Adaptive Mobile Security Ltd, Ferry House, 48
>> Lower Mount Street, Dublin 2, Ireland<br>Directors: B. Collins, G.
>> Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers
>> (UK).<br>Registered in Ireland, Company No. 370343, VAT
>> Reg.No.IE6390343O<br>****************************************************************************************</pre>
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>>
>
>
> </pre>****************************************************************************************<br>This
> email and any files transmitted with are confidential and intended solely
> for the<br>use of the individual or entity to whom they are addressed.  If
> you have received this<br>email in error then please delete it and notify
> the sender. Do not make a copy or forward<br>it to anyone.  This footnote
> also confirms that this email message has been swept for the<br>presence of
> computer viruses.<br><br>Adaptive Mobile Security Ltd, Ferry House, 48
> Lower Mount Street, Dublin 2, Ireland<br>Directors: B. Collins, G.
> Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers
> (UK).<br>Registered in Ireland, Company No. 370343, VAT
> Reg.No.IE6390343O<br>****************************************************************************************</pre>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20140122/d61145ad/attachment.htm>

More information about the Pki-users mailing list