Re: [Pki-users] Add info to a new OID

Wednesday, 22 January 2014

hi,
have you tried something like this:
policyset.set1.p6.constraint.class_id=noConstraintImpl
policyset.set1.p6.constraint.name=No Constraint
policyset.set1.p6.default.class_id=userExtensionDefaultImpl
policyset.set1.p6.default.name=User Supplied Key Usage Extension
policyset.set1.p6.default.params.userExtOID=2.16.76.1.3.3

jd

On 01/22/2014 11:41 AM, Sergio Pereira wrote:
...
 hi guys,

 I'm trying to create a certificate profile in a way to have at the end 
 a certificate with a special attributes (supplied by the user through 
 web enrollment form). I'm running dogtag 10.1 on Fedora 20...fresh 
 install. I added a certificate profile using pkiconsole but I'm 
 struggling in how to find the right Policies, Inputs and Outputs for 
 the new profile. The OID I intent to write to it is the 2.16.76.1.3.3 
 (country specific OID). Here is my profile's config file:

auth.instance_id=
 desc=UserCNPJ
 enable=false
 enableBy=admin
 input.CNPJ.class_id=genericInputImpl
 input.CNPJ.name <http://input.CNPJ.name>=Generic Input
 input.CNPJ.params.gi_display_name0=Cadastro Nacional Pessoa Juridica
 input.CNPJ.params.gi_display_name1=
 input.CNPJ.params.gi_display_name2=
 input.CNPJ.params.gi_display_name3=
 input.CNPJ.params.gi_display_name4=
 input.CNPJ.params.gi_param_enable0=true
 input.CNPJ.params.gi_param_enable1=false
 input.CNPJ.params.gi_param_enable2=false
 input.CNPJ.params.gi_param_enable3=false
 input.CNPJ.params.gi_param_enable4=false
 input.CNPJ.params.gi_param_name0=cnpj
 input.CNPJ.params.gi_param_name1=
 input.CNPJ.params.gi_param_name2=
 input.CNPJ.params.gi_param_name3=
 input.CNPJ.params.gi_param_name4=
 input.i1.class_id=keyGenInputImpl
 input.i1.name <http://input.i1.name>=Key Generation Input
 input.i2.class_id=subjectNameInputImpl
 input.i2.name <http://input.i2.name>=Subject Name Input
 input.i3.class_id=submitterInfoInputImpl
 input.i3.name <http://input.i3.name>=Submitter Information Input
 input.list=i1,i2,i3,CNPJ
 input.params.gi_display_name0=Cadastro Nacional Pessoa Juridica
 input.params.gi_display_name1=
 input.params.gi_display_name2=
 input.params.gi_display_name3=
 input.params.gi_display_name4=
 input.params.gi_param_enable0=true
 input.params.gi_param_enable1=false
 input.params.gi_param_enable2=false
 input.params.gi_param_enable3=false
 input.params.gi_param_enable4=false
 input.params.gi_param_name0=cnpj
 input.params.gi_param_name1=
 input.params.gi_param_name2=
 input.params.gi_param_name3=
 input.params.gi_param_name4=
 lastModified=1390319210315
 name=UserCNPJ
 output.list=o1
 output.o1.class_id=certOutputImpl
 output.o1.name <http://output.o1.name>=Certificate Output
 policyset.list=set1
 policyset.set1.list=p1,p2,p3,p4,p5,p06
 policyset.set1.p06.constraint.class_id=noConstraintImpl
 policyset.set1.p06.constraint.name 
 <http://policyset.set1.p06.constraint.name>=No Constraint
 policyset.set1.p06.default.class_id=userExtensionDefaultImpl
 policyset.set1.p06.default.name 
 <http://policyset.set1.p06.default.name>=User Supplied Extension Default
 policyset.set1.p06.default.params.userExtOID=Comment Here...
 policyset.set1.p1.constraint.class_id=noConstraintImpl
 policyset.set1.p1.constraint.name 
 <http://policyset.set1.p1.constraint.name>=No Constraint
 policyset.set1.p1.default.class_id=userSubjectNameDefaultImpl
 policyset.set1.p1.default.name 
 <http://policyset.set1.p1.default.name>=User Supplied Subject Name Default
 policyset.set1.p2.constraint.class_id=noConstraintImpl
 policyset.set1.p2.constraint.name 
 <http://policyset.set1.p2.constraint.name>=No Constraint
 policyset.set1.p2.default.class_id=validityDefaultImpl
 policyset.set1.p2.default.name 
 <http://policyset.set1.p2.default.name>=Validity Default
 policyset.set1.p2.default.params.range=180
 policyset.set1.p2.default.params.startTime=0
 policyset.set1.p3.constraint.class_id=noConstraintImpl
 policyset.set1.p3.constraint.name 
 <http://policyset.set1.p3.constraint.name>=No Constraint
 policyset.set1.p3.default.class_id=userKeyDefaultImpl
 policyset.set1.p3.default.name 
 <http://policyset.set1.p3.default.name>=User Supplied Key Default
 policyset.set1.p3.default.params.keyMaxLength=4096
 policyset.set1.p3.default.params.keyMinLength=512
 policyset.set1.p3.default.params.keyType=RSA
 policyset.set1.p4.constraint.class_id=noConstraintImpl
 policyset.set1.p4.constraint.name 
 <http://policyset.set1.p4.constraint.name>=No Constraint
 policyset.set1.p4.default.class_id=signingAlgDefaultImpl
 policyset.set1.p4.default.name 
 <http://policyset.set1.p4.default.name>=Signing Algorithm Default
 policyset.set1.p4.default.params.signingAlg=-

policyset.set1.p4.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,,SHA512withEC
 policyset.set1.p5.constraint.class_id=noConstraintImpl
 policyset.set1.p5.constraint.name 
 <http://policyset.set1.p5.constraint.name>=No Constraint
 policyset.set1.p5.default.class_id=keyUsageExtDefaultImpl
 policyset.set1.p5.default.name 
 <http://policyset.set1.p5.default.name>=Key Usage Extension Default
 policyset.set1.p5.default.params.keyUsageCritical=true
 policyset.set1.p5.default.params.keyUsageCrlSign=true
 policyset.set1.p5.default.params.keyUsageDataEncipherment=true
 policyset.set1.p5.default.params.keyUsageDecipherOnly=true
 policyset.set1.p5.default.params.keyUsageDigitalSignature=true
 policyset.set1.p5.default.params.keyUsageEncipherOnly=true
 policyset.set1.p5.default.params.keyUsageKeyAgreement=true
 policyset.set1.p5.default.params.keyUsageKeyCertSign=true
 policyset.set1.p5.default.params.keyUsageKeyEncipherment=true
 policyset.set1.p5.default.params.keyUsageNonRepudiation=true
 visible=true
 thx in advance,
 sergio

_______________________________________________
 Pki-users mailing list
 Pki-users(a)redhat.com
 https://www.redhat.com/mailman/listinfo/pki-users 
</pre>**************************************************************************************** This
email and any files transmitted with are confidential and intended solely for
the use of the individual or entity to whom they are addressed. If you have
received this email in error then please delete it and notify the sender. Do not
make a copy or forward it to anyone. This footnote also confirms that this email
message has been swept for the presence of computer
viruses. Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount
Street, Dublin 2, Ireland Directors: B. Collins, G. Maclachlan (UK), N. Grierson
(UK), J. Ennis (UK), D. Summers (UK). Registered in Ireland, Company No. 370343,
VAT
Reg.No.IE6390343O ****************************************************************************************</pre>

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Re: [Pki-users] Add info to a new OID