hi,
have you tried something like this:
policyset.set1.p6.constraint.class_id=noConstraintImpl
policyset.set1.p6.constraint.name=No Constraint
policyset.set1.p6.default.class_id=userExtensionDefaultImpl
policyset.set1.p6.default.name=User Supplied Key Usage Extension
policyset.set1.p6.default.params.userExtOID=2.16.76.1.3.3
jd
On 01/22/2014 11:41 AM, Sergio Pereira wrote:
hi guys,
I'm trying to create a certificate profile in a way to have at the end
a certificate with a special attributes (supplied by the user through
web enrollment form). I'm running dogtag 10.1 on Fedora 20...fresh
install. I added a certificate profile using pkiconsole but I'm
struggling in how to find the right Policies, Inputs and Outputs for
the new profile. The OID I intent to write to it is the 2.16.76.1.3.3
(country specific OID). Here is my profile's config file:
auth.instance_id=
desc=UserCNPJ
enable=false
enableBy=admin
input.CNPJ.class_id=genericInputImpl
input.CNPJ.name <
http://input.CNPJ.name>=Generic Input
input.CNPJ.params.gi_display_name0=Cadastro Nacional Pessoa Juridica
input.CNPJ.params.gi_display_name1=
input.CNPJ.params.gi_display_name2=
input.CNPJ.params.gi_display_name3=
input.CNPJ.params.gi_display_name4=
input.CNPJ.params.gi_param_enable0=true
input.CNPJ.params.gi_param_enable1=false
input.CNPJ.params.gi_param_enable2=false
input.CNPJ.params.gi_param_enable3=false
input.CNPJ.params.gi_param_enable4=false
input.CNPJ.params.gi_param_name0=cnpj
input.CNPJ.params.gi_param_name1=
input.CNPJ.params.gi_param_name2=
input.CNPJ.params.gi_param_name3=
input.CNPJ.params.gi_param_name4=
input.i1.class_id=keyGenInputImpl
input.i1.name <
http://input.i1.name>=Key Generation Input
input.i2.class_id=subjectNameInputImpl
input.i2.name <
http://input.i2.name>=Subject Name Input
input.i3.class_id=submitterInfoInputImpl
input.i3.name <
http://input.i3.name>=Submitter Information Input
input.list=i1,i2,i3,CNPJ
input.params.gi_display_name0=Cadastro Nacional Pessoa Juridica
input.params.gi_display_name1=
input.params.gi_display_name2=
input.params.gi_display_name3=
input.params.gi_display_name4=
input.params.gi_param_enable0=true
input.params.gi_param_enable1=false
input.params.gi_param_enable2=false
input.params.gi_param_enable3=false
input.params.gi_param_enable4=false
input.params.gi_param_name0=cnpj
input.params.gi_param_name1=
input.params.gi_param_name2=
input.params.gi_param_name3=
input.params.gi_param_name4=
lastModified=1390319210315
name=UserCNPJ
output.list=o1
output.o1.class_id=certOutputImpl
output.o1.name <
http://output.o1.name>=Certificate Output
policyset.list=set1
policyset.set1.list=p1,p2,p3,p4,p5,p06
policyset.set1.p06.constraint.class_id=noConstraintImpl
policyset.set1.p06.constraint.name
<
http://policyset.set1.p06.constraint.name>=No Constraint
policyset.set1.p06.default.class_id=userExtensionDefaultImpl
policyset.set1.p06.default.name
<
http://policyset.set1.p06.default.name>=User Supplied Extension Default
policyset.set1.p06.default.params.userExtOID=Comment Here...
policyset.set1.p1.constraint.class_id=noConstraintImpl
policyset.set1.p1.constraint.name
<
http://policyset.set1.p1.constraint.name>=No Constraint
policyset.set1.p1.default.class_id=userSubjectNameDefaultImpl
policyset.set1.p1.default.name
<
http://policyset.set1.p1.default.name>=User Supplied Subject Name Default
policyset.set1.p2.constraint.class_id=noConstraintImpl
policyset.set1.p2.constraint.name
<
http://policyset.set1.p2.constraint.name>=No Constraint
policyset.set1.p2.default.class_id=validityDefaultImpl
policyset.set1.p2.default.name
<
http://policyset.set1.p2.default.name>=Validity Default
policyset.set1.p2.default.params.range=180
policyset.set1.p2.default.params.startTime=0
policyset.set1.p3.constraint.class_id=noConstraintImpl
policyset.set1.p3.constraint.name
<
http://policyset.set1.p3.constraint.name>=No Constraint
policyset.set1.p3.default.class_id=userKeyDefaultImpl
policyset.set1.p3.default.name
<
http://policyset.set1.p3.default.name>=User Supplied Key Default
policyset.set1.p3.default.params.keyMaxLength=4096
policyset.set1.p3.default.params.keyMinLength=512
policyset.set1.p3.default.params.keyType=RSA
policyset.set1.p4.constraint.class_id=noConstraintImpl
policyset.set1.p4.constraint.name
<
http://policyset.set1.p4.constraint.name>=No Constraint
policyset.set1.p4.default.class_id=signingAlgDefaultImpl
policyset.set1.p4.default.name
<
http://policyset.set1.p4.default.name>=Signing Algorithm Default
policyset.set1.p4.default.params.signingAlg=-
policyset.set1.p4.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,,SHA512withEC
policyset.set1.p5.constraint.class_id=noConstraintImpl
policyset.set1.p5.constraint.name
<
http://policyset.set1.p5.constraint.name>=No Constraint
policyset.set1.p5.default.class_id=keyUsageExtDefaultImpl
policyset.set1.p5.default.name
<
http://policyset.set1.p5.default.name>=Key Usage Extension Default
policyset.set1.p5.default.params.keyUsageCritical=true
policyset.set1.p5.default.params.keyUsageCrlSign=true
policyset.set1.p5.default.params.keyUsageDataEncipherment=true
policyset.set1.p5.default.params.keyUsageDecipherOnly=true
policyset.set1.p5.default.params.keyUsageDigitalSignature=true
policyset.set1.p5.default.params.keyUsageEncipherOnly=true
policyset.set1.p5.default.params.keyUsageKeyAgreement=true
policyset.set1.p5.default.params.keyUsageKeyCertSign=true
policyset.set1.p5.default.params.keyUsageKeyEncipherment=true
policyset.set1.p5.default.params.keyUsageNonRepudiation=true
visible=true
thx in advance,
sergio
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
</pre>****************************************************************************************<br>This
email and any files transmitted with are confidential and intended solely for
the<br>use of the individual or entity to whom they are addressed. If you have
received this<br>email in error then please delete it and notify the sender. Do not
make a copy or forward<br>it to anyone. This footnote also confirms that this email
message has been swept for the<br>presence of computer
viruses.<br><br>Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount
Street, Dublin 2, Ireland<br>Directors: B. Collins, G. Maclachlan (UK), N. Grierson
(UK), J. Ennis (UK), D. Summers (UK).<br>Registered in Ireland, Company No. 370343,
VAT
Reg.No.IE6390343O<br>****************************************************************************************</pre>