[Pki-users] [dogtag] CA Issuers fields in authinfoaccess extension - how?

marcin kowalski yoshi314 at gmail.com
Fri Jan 15 11:48:42 UTC 2016


Thanks. The problem is that I have to specify multiple entries, and this is
when things go weird.

policyset.serverCertSet.5.constraint.class_id=noConstraintImpl
policyset.serverCertSet.5.constraint.name=No Constraint
policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.serverCertSet.5.default.name=AIA Extension Default
policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.serverCertSet.5.default.params.authInfoAccessCritical=false

policyset.serverCertSet.5.default.params.authInfoAccessADEnable_1=true
policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_1=URI
policyset.serverCertSet.5.default.params.authInfoAccessADLocation_1=http://server1/cert1.crt
policyset.serverCertSet.5.default.params.authInfoAccessADMethod_1=1.3.6.1.5.5.7.48.2

policyset.serverCertSet.5.default.params.authInfoAccessADEnable_2=true
policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_2=URI
policyset.serverCertSet.5.default.params.authInfoAccessADLocation_2=http://server2/cert2.crt
policyset.serverCertSet.5.default.params.authInfoAccessADMethod_2=1.3.6.1.5.5.7.48.2

policyset.serverCertSet.5.default.params.authInfoAccessADEnable_3=true
policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_3=URI
policyset.serverCertSet.5.default.params.authInfoAccessADLocation_3=ldap:///CN=someconnectionstring
policyset.serverCertSet.5.default.params.authInfoAccessADMethod_3=1.3.6.1.5.5.7.48.2

policyset.serverCertSet.5.default.params.authInfoAccessCritical=false
policyset.serverCertSet.5.default.params.authInfoAccessNumADs=4


What happens in dogtag is that the first field is filled out with values,
but there are empty records following, like so:


Record #0
Method:1.3.6.1.5.5.7.48.1
Location Type:URIName
Location:http://dogtaginstance:8080/ca/ocsp
Enable:true

Record #1
Method:
Location Type:
Location:
Enable:false

Record #2
Method:
Location Type:
Location:
Enable:false

Record #3
Method:
Location Type:
Location:
Enable:false

And I have to fill them out manually. Then the fields get passed to the
certificate. What could possibly be wrong here?

2016-01-14 19:36 GMT+01:00 John Magne <jmagne at redhat.com>:

> Here is an example in the file we ship DomainController.cfg
> There are others in the directory /var/lib/pki/pki-tomcat/ca/profiles/ca
> if you need more:
>
> policyset.set1.5.default.class_id=authInfoAccessExtDefaultImpl
> policyset.set1.5.default.name=AIA Extension Default
> policyset.set1.5.default.params.authInfoAccessADEnable_0=true
> policyset.set1.5.default.params.authInfoAccessADLocationType_0=URIName
> policyset.set1.5.default.params.authInfoAccessADLocation_0=http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit
> policyset.set1.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.2
> policyset.set1.5.default.params.authInfoAccessCritical=false
> policyset.set1.5.default.params.authInfoAccessNumADs=1
>
>
>
> ----- Original Message -----
> > From: "marcin kowalski" <yoshi314 at gmail.com>
> > To: pki-users at redhat.com
> > Sent: Thursday, January 14, 2016 5:00:56 AM
> > Subject: [Pki-users] [dogtag] CA Issuers fields in authinfoaccess extension - how?
> >
> > Hi all; I am running a subordinate CA dogtag instance, and I would like to
> > copy AuthInfoExtension fields from the master CA cert into final
> > certificates signed in dogtag.
> >
> > I am struggling to add a few caIssuers fields to authInfoExtension fields in
> > issued certificates.
> >
> > The fields in question are to be like so (from openssl output of the master
> > CA certificate):
> >
> > CA Issuers - URI: http://server/name.crt
> > CA Issuers - URI: http://backupserver/name.crt
> >
> >
> > Are there any examples out there so that I can figure this out?
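One way to catch an access-description block like the one above before it is loaded into the CA is to lint the profile's key=value lines: every index below authInfoAccessNumADs must be enabled, carry a non-empty location, a recognised location type and a known access method. The checker below is an added example, not code from Dogtag or from anyone in this thread; the set of accepted location-type names is an assumption taken from the shipped profile quoted in the reply (which spells it URIName), not from Dogtag's source.

```python
import re
# Assumptions, not taken from Dogtag's source: the GeneralName type names the
# AIA default accepts (the shipped profile spells it "URIName", never "URI").
LOCATION_TYPES = {"RFC822Name", "DNSName", "DirectoryName", "EDIPartyName",
                  "URIName", "IPAddress", "OIDName"}
ACCESS_METHODS = {"1.3.6.1.5.5.7.48.1": "ocsp", "1.3.6.1.5.5.7.48.2": "caIssuers"}
AD_KEY = re.compile(r"\.authInfoAccessAD(Enable|LocationType|Location|Method)_(\d+)$")

def parse_params(text):
    params = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return params

def check_aia(params):
    """Return [(index, problem)] per broken access description; [] means consistent."""
    ads, problems = {}, []
    num = next((int(v) for k, v in params.items() if k.endswith(".authInfoAccessNumADs")), None)
    if num is None:
        return [(-1, "authInfoAccessNumADs is missing")]
    for key, value in params.items():
        m = AD_KEY.search(key)
        if m:  # group by record index, then by field name
            ads.setdefault(int(m.group(2)), {})[m.group(1)] = value
    for i in range(num):
        ad = ads.get(i, {})
        if ad.get("Enable") != "true":
            problems.append((i, "record not enabled"))
        if ad.get("LocationType") not in LOCATION_TYPES:
            problems.append((i, "bad location type %r" % ad.get("LocationType")))
        if not ad.get("Location"):
            problems.append((i, "empty location"))
        if ad.get("Method") not in ACCESS_METHODS:
            problems.append((i, "unknown access method %r" % ad.get("Method")))
    return problems

# Constructed sample: records 0 and 1 of the config posted above (wrapped URL rejoined).
SAMPLE = """
policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://dogtaginstance:8080/ca/ocsp
policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.serverCertSet.5.default.params.authInfoAccessADEnable_1=true
policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_1=URI
policyset.serverCertSet.5.default.params.authInfoAccessADLocation_1=http://server1/cert1.crt
policyset.serverCertSet.5.default.params.authInfoAccessADMethod_1=1.3.6.1.5.5.7.48.2
policyset.serverCertSet.5.default.params.authInfoAccessNumADs=2
"""
```

Running `check_aia(parse_params(SAMPLE))` flags record 1 for its location type only; changing that value to URIName makes the report empty.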