Sean:
Yes, we have a profile for each cert.
If you look in the CS.cfg in /var/lib/pki-tps/conf, you will see that
for each type of token (i.e. userKey), there is a list of key "types" that
are generated.
For an example of 3 types look for the string:
op.enroll.soKeyTemporary.keyGen.keyType.num=3
The subsequent lines show how a 3rd auth cert is generated.
Veale, Sean wrote:
I currently have a CS setup where using Gemalto tokens, I can see
that signing and encryption certs are written to the card. What
profile(s) in the /var/lib/<ca instance>/profile directory is used to
generate the certs in a default dogtag setup?
I noticed there are both caTokenUserEncryptionKeyEnrollment.cfg and
caTokenUserSigningKeyEnrollment.cfg profiles in the directory that
seem to correspond to each of the certs created on the token. That is
a bit odd to me as I thought it usually was one profile that would have
multiple policysets to handle 2 certs, not a separate profile for each?
The basic question is I'd like to modify the configuration so a third
cert is created on the card (to be used for authentication) beyond the
email signing and encryption certs. Anyone know how to do that?
Thanks
Sean
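
An added example, not part of the original thread and not Dogtag code: a small audit script that reads a TPS CS.cfg and lists, per token type, which key types are generated and which CA profile each one uses, flagging entries that are incomplete. Apart from `keyGen.keyType.num`, the key names (`keyGen.keyType.value.N`, `keyGen.<type>.ca.profileId`) are assumptions about the CS.cfg layout, and the `EXAMPLE_*` profile IDs are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample; key names other than keyGen.keyType.num are assumed.
SAMPLE_CS_CFG = """\
op.enroll.userKey.keyGen.keyType.num=2
op.enroll.userKey.keyGen.keyType.value.0=signing
op.enroll.userKey.keyGen.keyType.value.1=encryption
op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
op.enroll.userKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
op.enroll.soKeyTemporary.keyGen.keyType.num=3
op.enroll.soKeyTemporary.keyGen.keyType.value.0=auth
op.enroll.soKeyTemporary.keyGen.keyType.value.1=signing
op.enroll.soKeyTemporary.keyGen.keyType.value.2=encryption
op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=EXAMPLE_AUTH_PROFILE
op.enroll.soKeyTemporary.keyGen.signing.ca.profileId=EXAMPLE_SIGNING_PROFILE
"""

KEYGEN = re.compile(r"^op\.enroll\.([^.]+)\.keyGen\.(.+)$")

def token_cert_map(cfg_text):
    """Return ({token: [(key_type, profile_id or None)]}, [problems])."""
    raw = defaultdict(dict)
    for line in map(str.strip, cfg_text.splitlines()):
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        m = KEYGEN.match(key.strip())
        if m:
            raw[m.group(1)][m.group(2)] = value.strip()
    result, problems = {}, []
    for token, kv in raw.items():
        if not kv.get("keyType.num", "").isdigit():
            problems.append(f"{token}: keyType.num missing or not a number")
            continue
        certs = []
        for i in range(int(kv["keyType.num"])):
            ktype = kv.get(f"keyType.value.{i}")
            if ktype is None:
                problems.append(f"{token}: keyType.value.{i} missing")
                continue
            profile = kv.get(f"{ktype}.ca.profileId")
            if profile is None:
                problems.append(f"{token}: {ktype} has no ca.profileId")
            certs.append((ktype, profile))
        result[token] = certs
    return result, problems

if __name__ == "__main__":
    print(token_cert_map(SAMPLE_CS_CFG))
```

Running it against the real file before and after adding a third key type shows whether the count, the type list and the profile mapping still agree.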