hi, can anyone advice me how to configure dogtag (having 9.0.3) to have 2 profiles for generating server and client certificate. for cert generating im currently using /var/lib/pki-ca/profiles/ca/caRouterCert.cfg where there is line: policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 OID 1.3.6.1.5.5.7.3.2 is for client, 1.3.6.1.5.5.7.3.1 is for server so for generating the server certificate, i have to reconfigure and restart ca which is very annoying for test env and unthinkable in production env. i have configured clients to be able to get their own certificates via scep. and for server i generate certs manually with the use of jscep-cli tool. is there a way/is it possible to configure dogtag so that i can get me server certificate without reconfiguring? thanks a lot jd *****************************************This email and any files transmitted with are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error then please delete it and notify the sender. Do not make a copy or forward it to anyone. This footnote also confirms that this email message has been swept for the presence of computer viruses. Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK). Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O*****************************************