Re: [Pki-users] Certificate Policies

Wednesday, 24 April 2019

make sure:
- in the profile, that policyset.caCertSet.list has p7
- the CA was restarted after the custom profile changes
- a review of the CA debug log, the profile you modified should be listed
after a restart as, for example:
[14/Feb/2019:00:30:49][localhost-startStop-1]: added plugin profile
caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate
Authority Server Certificate Enrollment Profile
com.netscape.cms.profile.common.ServerCertCAEnrollProfile
[14/Feb/2019:00:31:43][localhost-startStop-1]: added plugin profile
caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate
Authority Server Certificate Enrollment Profile
com.netscape.cms.profile.common.ServerCertCAEnrollProfile
[14/Feb/2019:00:31:45][localhost-startStop-1]: Start Profile Creation -
caServerCert caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile
[14/Feb/2019:00:31:45][localhost-startStop-1]: Done Profile Creation -
caServerCert
[14/Feb/2019:00:31:45][localhost-startStop-1]: Registered Confirmation -
caServerCert
and between the "Start" and "Done", there should be the details of
the
profile, with string "BasicProfile: createProfilePolicy" and more info
- review the same debug log after enrollment, for more details.
Thanks,
Marc S.

On Tue, Apr 23, 2019 at 9:23 PM Jonathan Montero <jmrxto(a)gmail.com&gt; wrote:

...
 Hi, I'm having an issue regarding the certificates policies.

 It is as follows...
 policyset.caCertSet.p7.constraint.class_id=noConstraintImpl
 policyset.caCertSet.p7.constraint.name=No Constraint
 policyset.caCertSet.p7.default.class_id=certificatePoliciesExtDefaultImpl
 policyset.caCertSet.p7.default.name=Certificate Policies Extension Default
 policyset.caCertSet.p7.default.params.Critical=true
 policyset.caCertSet.p7.default.params.PoliciesExt.num=1
 policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.enable=true

policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1

policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true

policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=
 http://url.com/

policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=true

policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=Some
 Text Here

policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=1

policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=Company
 text Here

 So, with this configuration i got not all the result i want, don't know
 why....

 i obtain
 policyId=1.3.6.1.4.1.6.1.1.1.1

 Also
 CPSURI.value=http://url.com/

 But can't get the explicitText.value and organization...

 For some reason, those 2 latter options don't appear in the certificate.

 What could this be?

 Jonathan Montero

 IT Professional | IT Trainer
 M: 809-609-3003
 S: tuxmontero
 E: jmrxto(a)gmail.com
 A: Santo Domingo, DR

 jonathanmontero.com

 <https://www.linkedin.com/in/monterojonathan>
 <https://twitter.com/tuxmontero> <https://www.facebook.com/jmrxto>
 <https://github.com/tuxmontero>

 _______________________________________________
 Pki-users mailing list
 Pki-users(a)redhat.com
 https://www.redhat.com/mailman/listinfo/pki-users 

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Re: [Pki-users] Certificate Policies