[Pki-users] Profiles Issue

Marc Sauton msauton at redhat.com
Fri Sep 11 20:04:46 UTC 2020 

is it possible there is a user provided extended key usage extension in the
request?
or there may be a profile configuration issue related to
userExtensionDefaultImpl and keyUsageExtConstraintImpl, we may need to see
the whole enrollment profile (eventually send it to me privately if you
prefer).
Thanks,
M.

On Fri, Sep 11, 2020 at 7:02 AM Jose Antonio Mendoza Roa <roa at unixmexico.org>
wrote:

> Hello
>
>
> Hi everyone, I am new to this list and new to using dogtag.
> I have 3 profiles (types of certificates) which asked me to append this
> configuration Smart Card Logon (1.3.6.1.4.1.311.20.2.2) and add this
> configuration to the certificate profile
>
>
>
>
>
>
>
>
> *policyset.userCertSet.p15.constraint.class_id=noConstraintImplpolicyset.userCertSet.p15.constraint.name
> <http://policyset.userCertSet.p15.constraint.name>=No
> Constraintpolicyset.userCertSet.p15.default.class_id=extendedKeyUsageExtDefaultImplpolicyset.userCertSet.p15.default.name
> <http://policyset.userCertSet.p15.default.name>=Extended Key Usage
> Extension
> Defaultpolicyset.userCertSet.p15.default.params.exKeyUsageCritical=falsepolicyset.userCertSet.p15.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.4.1.311.20.2.2*
>
> But when I did the tests I get this error in the dogtag logs.
>
>
> "duplicate extension attempted! Name: oid=2.5.29.37 val=48 0"
>
> --
> Ce courrier électronique et les fichiers qui y sont annexés peuvent
> renfermer des
> renseignements privilégiés et confidentiels à l'intention exclusive du
> destinataire. Si
> vous n'êtes pas le destinataire, vous n'êtes pas autorisé(e) à utiliser, à
> copier ou à
> divulguer à un tiers le contenu de ce courrier électronique ni des
> fichiers joints. Si
> vous avez reçu ce courrier électronique par erreur, veuillez en aviser
> l'expéditeur
> immédiatement par courrier électronique et détruire ce message ainsi que
> les fichiers
> en annexe.
>
> This electronic mail message -- and any attachments -- may contain
> privileged/confidential information, intended only for the use of the
> addressee. If you
> are not the addressee, you may not use, copy or disclose to a third party
> the content
> of this message or its attachments. If you have received this message by
> mistake,
> please notify us immediately by e-mail and destroy this message, along
> with all
> attachments
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20200911/d258e2b8/attachment.htm>

More information about the Pki-users mailing list