[Pki-users] how to use both CA ISSUER and OCSP URLs in AIA

Kamal Perera techpkiuser at gmail.com
Tue Apr 5 12:02:21 UTC 2016


Dear Marcin,

Thank you for the reply.

I have tried the same with the UserCert profile, but it didn't work for me.
Anyway, I'll give it another try.

Kamal

On Tue, Apr 5, 2016 at 4:07 PM, marcin kowalski <yoshi314 at gmail.com> wrote:

> I did something like this a while ago on DogTag. Seems to work for me.
>
> I did that on the server certificate profile, so you may need to adjust it a
> bit.
>
> /var/lib/pki/<instance>/ca/profiles/ca/caServerCert.cfg
> ================================================
> policyset.serverCertSet.5.constraint.class_id=noConstraintImpl
> policyset.serverCertSet.5.constraint.name=No Constraint
> policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
> policyset.serverCertSet.5.default.name=AIA Extension Default
>
> # this is the default OCSP entry, configured elsewhere in your pki
> # instance, I just left it here
> policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true
> policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
> policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=
> policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
> policyset.serverCertSet.5.default.params.authInfoAccessCritical=false
>
> # these are custom entries
> policyset.serverCertSet.5.default.params.authInfoAccessADEnable_1=true
> policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_1=URIName
> policyset.serverCertSet.5.default.params.authInfoAccessADLocation_1=http://server1/root.crt
> policyset.serverCertSet.5.default.params.authInfoAccessADMethod_1=1.3.6.1.5.5.7.48.2
>
> policyset.serverCertSet.5.default.params.authInfoAccessADEnable_2=true
> policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_2=URIName
> policyset.serverCertSet.5.default.params.authInfoAccessADLocation_2=http://server2/root.crt
> policyset.serverCertSet.5.default.params.authInfoAccessADMethod_2=1.3.6.1.5.5.7.48.2
>
> # adjust the number of entries here as necessary
> policyset.serverCertSet.5.default.params.authInfoAccessCritical=false
> policyset.serverCertSet.5.default.params.authInfoAccessNumADs=3
>
>
>
> After that, restart your instance and review the certificate request in
> agent. Hope it works fine.
>
>
> 2016-04-01 15:08 GMT+02:00 Kamal Perera <techpkiuser at gmail.com>:
>
>> Dear All,
>>
>> Hope you guys are doing great.
>>
>> I just want to know how to configure the user certificate profile to have
>> both OCSP URL and CA ISSUERs certificate URL to be present in the
>> certificate.
>>
>> Thanks.
>> Kamal
>>
>
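
A check for the profile parameters quoted above, as an added example that is not part of the original thread and not Dogtag's own code. It flags lines that mail wrapping split in two, a `authInfoAccessNumADs` value that does not match the entry indexes, and a profile missing either the OCSP or the caIssuers access method. The names `lint_aia`, `WRAPPED` and `FIXED` are hypothetical, the sample is constructed, and accepting an empty location only for the OCSP entry is an assumption taken from the comment in the quoted reply.

```python
import re

# Access-method OIDs used in the profile above: OCSP and caIssuers.
OCSP, CA_ISSUERS = "1.3.6.1.5.5.7.48.1", "1.3.6.1.5.5.7.48.2"
PARAM = re.compile(r"^policyset\.\w+\.\d+\.default\.params\.authInfoAccess(\w+?)(?:_(\d+))?$")

def lint_aia(cfg_text):
    """Return a list of problems in the AIA parameters of a profile .cfg."""
    problems, entries, num_ads = [], {}, None
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        line = raw.strip()
        key, sep, value = line.partition("=")
        m = PARAM.match(key.strip())
        if line and not line.startswith("#") and not sep:
            problems.append(f"line {lineno}: no key=value (wrapped line?): {line}")
        elif m and m.group(1) == "NumADs":
            num_ads = int(value)
        elif m and m.group(2) is not None:
            entries.setdefault(int(m.group(2)), {})[m.group(1)] = value.strip()
    if num_ads is None:
        problems.append("authInfoAccessNumADs is missing")
    elif sorted(entries) != list(range(num_ads)):
        problems.append(f"NumADs={num_ads} but entry indexes are {sorted(entries)}")
    enabled = {i: e for i, e in entries.items() if e.get("ADEnable") == "true"}
    for i, e in sorted(enabled.items()):
        method, loc = e.get("ADMethod"), e.get("ADLocation", "")
        if method not in (OCSP, CA_ISSUERS):
            problems.append(f"entry {i}: unexpected access method {method}")
        # Assumption from the post: an empty OCSP location falls back to the instance default.
        elif not loc and method == CA_ISSUERS:
            problems.append(f"entry {i}: empty location for caIssuers")
    for oid, label in ((OCSP, "OCSP"), (CA_ISSUERS, "caIssuers")):
        if oid not in {e.get("ADMethod") for e in enabled.values()}:
            problems.append(f"no enabled {label} entry")
    return problems

P = "policyset.serverCertSet.5.default.params.authInfoAccess"
# Constructed sample: the caIssuers URL has been wrapped onto its own line.
WRAPPED = f"""{P}ADEnable_0=true
{P}ADLocation_0=
{P}ADMethod_0={OCSP}
{P}ADEnable_1=true
{P}ADLocation_1=
http://server1/root.crt
{P}ADMethod_1={CA_ISSUERS}
{P}NumADs=2
"""
FIXED = WRAPPED.replace("ADLocation_1=\n", "ADLocation_1=")
print(lint_aia(WRAPPED), lint_aia(FIXED))
```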