I see nothing that seems incorrect in your configurations. I will try a
test; meanwhile, could you indicate the exact RHEL or Fedora versions and
rpm -q pki-ca ?
And are there any other related debug log entries? (like about
PolicyQualifiers0.usernotice.enable )
Thanks,
M.
On Wed, Apr 24, 2019 at 10:19 AM Jonathan Montero <jmrxto(a)gmail.com> wrote:
Hi, thanks for your answer
- in the profile, that policyset.caCertSet.list has p7 *DONE*
- the CA was restarted after the custom profile changes *DONE*
- debug log *DONE?*
[24/Apr/2019:12:45:33][http-bio-8443-exec-1]: RequestProcessor:
profileId=caClase1
[24/Apr/2019:12:46:29][localhost-startStop-1]: Start Profile Creation -
caClase1 caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile
[24/Apr/2019:12:46:29][localhost-startStop-1]: Done Profile Creation -
caClase1
[24/Apr/2019:12:46:29][localhost-startStop-1]: Registered Confirmation -
caClase1
Also looked for more logs...
I see an XML section; for some reason I see this in the XML:
<description>This default populates a Certificate Policies Extension to
the request. The default values are Criticality=true,
{PoliciesExt.num:1,{Enable:true,Policy
Id:1.3.6.1.4.1.6.1.1.1.1,PolicyQualifiers.num:,{CPSuri
Enable:true,UserNotice Enable:true,UserNoticeReference Organization:Company
text Here,UserNoticeReference Numbers:1,UserNoticeReference Explicit
Text:Some Text Here,CPS
uri:http://url.com/}}}</description>
*BUTTTTT, if I go down in the file I see*
PoliciesExt.certPolicy0.enable:true
PoliciesExt.certPolicy0.policyId:1.3.6.1.4.1.6.1.1.1.1
PoliciesExt.certPolicy0.PolicyQualifiers.num:1
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable:true
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value:http://url.com/&am...
;
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable:*false*
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization:
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers:
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value:
*The last 3 lines are EMPTY.*
Jonathan Montero
IT Professional | IT Trainer
M: 809-609-3003
S: tuxmontero
E: jmrxto(a)gmail.com
A: Santo Domingo, DR
jonathanmontero.com
<https://www.linkedin.com/in/monterojonathan>
<https://twitter.com/tuxmontero>
<https://www.facebook.com/jmrxto>
<https://github.com/tuxmontero>
On Wed, Apr 24, 2019 at 12:26 PM Marc Sauton <msauton(a)redhat.com> wrote:
> make sure:
> - in the profile, that policyset.caCertSet.list has p7
> - the CA was restarted after the custom profile changes
> - a review of the CA debug log, the profile you modified should be listed
> after a restart as, for example:
> [14/Feb/2019:00:30:49][localhost-startStop-1]: added plugin profile
> caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate
> Authority Server Certificate Enrollment Profile
> com.netscape.cms.profile.common.ServerCertCAEnrollProfile
> [14/Feb/2019:00:31:43][localhost-startStop-1]: added plugin profile
> caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate
> Authority Server Certificate Enrollment Profile
> com.netscape.cms.profile.common.ServerCertCAEnrollProfile
> [14/Feb/2019:00:31:45][localhost-startStop-1]: Start Profile Creation -
> caServerCert caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile
> [14/Feb/2019:00:31:45][localhost-startStop-1]: Done Profile Creation -
> caServerCert
> [14/Feb/2019:00:31:45][localhost-startStop-1]: Registered Confirmation -
> caServerCert
> and between the "Start" and "Done", there should be the details of the
> profile, with string "BasicProfile: createProfilePolicy" and more info
> - review the same debug log after enrollment, for more details.
> Thanks,
> Marc S.
>
> On Tue, Apr 23, 2019 at 9:23 PM Jonathan Montero <jmrxto(a)gmail.com>
> wrote:
>
>> Hi, I'm having an issue regarding the certificates policies.
>>
>> It is as follows...
>> policyset.caCertSet.p7.constraint.class_id=noConstraintImpl
>> policyset.caCertSet.p7.constraint.name=No Constraint
>> policyset.caCertSet.p7.default.class_id=certificatePoliciesExtDefaultImpl
>> policyset.caCertSet.p7.default.name=Certificate Policies Extension Default
>> policyset.caCertSet.p7.default.params.Critical=true
>> policyset.caCertSet.p7.default.params.PoliciesExt.num=1
>> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.enable=true
>> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
>> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
>> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=http://url.com/
>> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=true
>> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=Some Text Here
>> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=1
>> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=Company text Here
>>
>>
>> So, with this configuration I don't get all the results I want, don't know
>> why....
>>
>> I obtain
>> policyId=1.3.6.1.4.1.6.1.1.1.1
>>
>> Also
>> CPSURI.value=http://url.com/
>>
>> But can't get the explicitText.value and organization...
>>
>> For some reason, those 2 latter options don't appear in the certificate.
>>
>> What could this be?
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>
>
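
Added example, not part of the thread or of Dogtag itself: a small check that lines up the parameters set in the profile with the effective values quoted in the reply and lists every key whose effective value differs. The helper names are hypothetical, and the sample data is constructed from the values posted above (CPSURI.value is left out because its effective value is truncated in the thread).

```python
# Added example (not from the thread): compare the parameters set in a profile
# .cfg with the effective values quoted later in the thread.
PREFIX = "policyset.caCertSet.p7.default.params."
Q = "PoliciesExt.certPolicy0.PolicyQualifiers0."

# Constructed sample: profile lines as posted (key=value, with prefix).
CONFIGURED = "\n".join(PREFIX + line for line in [
    "PoliciesExt.certPolicy0.enable=true",
    "PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1",
    Q + "CPSURI.enable=true",
    Q + "usernotice.enable=true",
    Q + "usernotice.explicitText.value=Some Text Here",
    Q + "usernotice.noticeReference.noticeNumbers=1",
    Q + "usernotice.noticeReference.organization=Company text Here",
])

# Constructed sample: effective values as posted (key:value, no prefix).
EFFECTIVE = "\n".join([
    "PoliciesExt.certPolicy0.enable:true",
    "PoliciesExt.certPolicy0.policyId:1.3.6.1.4.1.6.1.1.1.1",
    "PoliciesExt.certPolicy0.PolicyQualifiers.num:1",
    Q + "CPSURI.enable:true",
    Q + "usernotice.enable:false",
    Q + "usernotice.noticeReference.organization:",
    Q + "usernotice.noticeReference.noticeNumbers:",
    Q + "usernotice.explicitText.value:",
])

def parse(text, sep, prefix=""):
    """Return {key: value} for 'key<sep>value' lines, dropping `prefix`."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or sep not in line:
            continue
        key, value = line.split(sep, 1)  # split once: values may contain sep
        if key.strip().startswith(prefix):
            out[key.strip()[len(prefix):]] = value.strip()
    return out

def mismatches(configured, effective):
    """(key, configured, effective) for profile keys whose effective value differs."""
    cfg, eff = parse(configured, "=", PREFIX), parse(effective, ":")
    return [(k, v, eff.get(k)) for k, v in sorted(cfg.items()) if eff.get(k) != v]

if __name__ == "__main__":
    for key, want, got in mismatches(CONFIGURED, EFFECTIVE):
        print(f"{key}: configured={want!r} effective={got!r}")
```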