[Pki-users] Certificate Policies
Marc Sauton
msauton at redhat.com
Wed Apr 24 16:26:05 UTC 2019
make sure:
- in the profile, that policyset.caCertSet.list has p7
- the CA was restarted after the custom profile changes
- a review of the CA debug log, the profile you modified should be listed
after a restart as, for example:
[14/Feb/2019:00:30:49][localhost-startStop-1]: added plugin profile
caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate
Authority Server Certificate Enrollment Profile
com.netscape.cms.profile.common.ServerCertCAEnrollProfile
[14/Feb/2019:00:31:43][localhost-startStop-1]: added plugin profile
caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate
Authority Server Certificate Enrollment Profile
com.netscape.cms.profile.common.ServerCertCAEnrollProfile
[14/Feb/2019:00:31:45][localhost-startStop-1]: Start Profile Creation -
caServerCert caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile
[14/Feb/2019:00:31:45][localhost-startStop-1]: Done Profile Creation -
caServerCert
[14/Feb/2019:00:31:45][localhost-startStop-1]: Registered Confirmation -
caServerCert
and between the "Start" and "Done", there should be the details of the
profile, with string "BasicProfile: createProfilePolicy" and more info
- review the same debug log after enrollment, for more details.
Thanks,
Marc S.
On Tue, Apr 23, 2019 at 9:23 PM Jonathan Montero <jmrxto at gmail.com> wrote:
> Hi, I'm having an issue regarding the certificates policies.
>
> It is as follows...
> policyset.caCertSet.p7.constraint.class_id=noConstraintImpl
> policyset.caCertSet.p7.constraint.name=No Constraint
> policyset.caCertSet.p7.default.class_id=certificatePoliciesExtDefaultImpl
> policyset.caCertSet.p7.default.name=Certificate Policies Extension Default
> policyset.caCertSet.p7.default.params.Critical=true
> policyset.caCertSet.p7.default.params.PoliciesExt.num=1
> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.enable=true
>
> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
>
> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
>
> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=
> http://url.com/
>
> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=true
> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=Some
> Text Here
>
> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=1
> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=Company
> text Here
>
>
> So, with this configuration i got not all the result i want, don't know
> why....
>
> i obtain
> policyId=1.3.6.1.4.1.6.1.1.1.1
>
> Also
> CPSURI.value=http://url.com/
>
> But can't get the explicitText.value and organization...
>
> For some reason, those 2 latter options don't appear in the certificate.
>
> What could this be?
>
>
>
>
> Jonathan Montero
>
> IT Professional | IT Trainer
> M: 809-609-3003
> S: tuxmontero
> E: jmrxto at gmail.com
> A: Santo Domingo, DR
>
> jonathanmontero.com
>
> <https://www.linkedin.com/in/monterojonathan>
> <https://twitter.com/tuxmontero> <https://www.facebook.com/jmrxto>
> <https://github.com/tuxmontero>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20190424/2d409cbd/attachment.htm>
More information about the Pki-users
mailing list