[Pki-users] Red Hat Certificate System question

[Fraser Tweedale]

On Mon, Oct 28, 2019 at 05:27:14PM -0500, Steve Laesch wrote:
> Fraser,
> 
> I enjoyed reading the blog article from 8/2015 in which you described how
> to create a custom certificate profile for provisioning S/MIME certificates.
> 
> I'm currently struggling to complete a task using Red Hat Certificate
> System that I understand probably needs to involve creating a custom
> certificate profile.
> 
> I'm trying to provision a set of CA certificates using dual root, mutually
> cross signed CAs. I did it using openssl first, and that went wonderfully.
> 
> For reference, I'm trying to do what is described in this Wikipedia page:
> https://en.wikipedia.org/wiki/X.509#Example_1:_Cross-certification_at_root_Certification_Authority_(CA)_level_between_two_PKIs
> 
> I'm working with Red Hat Certificate System PKIs installed on two different
> AWS EC2 instances.
> 
> I'm almost a complete newbie when it comes to working with certificate
> profiles, unfortunately. I find it rather daunting. I'm determined to get
> this done and working, though. I can certainly use all the help I can get!
> 
> Cheers,
> Steve Laesch
>
Hi Steve,

Adding the pki-users@ mailing list.

We need a bit more information.  We have a profile for CA
certificates ("caCACert").  The validity period is 20 years which is
probably too long, but if you make a custom profile that is a copy
of caCAcert except with the desired validity period, it should be
suitable.

Can you please give more information on exactly what you're having
difficulty with, or how the results differ from your goal?

Thanks,
Fraser