I did something like this, a while ago, on DogTag. Seems to work for me.I did that on server certificate profile ; so you may need to adjust it a bit./var/lib/pki/<instance>/ca/profiles/ca/caServerCert.cfg================================================
policyset.serverCertSet.5.constraint.class_id=noConstraintImpl
policyset.serverCertSet.5.constraint.name=No Constraint
policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.serverCertSet.5.default.name=AIA Extension Default<!-- this is the default OCSP entry, configured elsewhere in your pki instance, i just left it here -->policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.serverCertSet.5.default.params.authInfoAccessCritical=false<!-- these are custom entries -->policyset.serverCertSet.5.default.params.authInfoAccessADEnable_1=true
policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_1=URIName
policyset.serverCertSet.5.default.params.authInfoAccessADLocation_1=http://server1/root.crt
policyset.serverCertSet.5.default.params.authInfoAccessADMethod_1=1.3.6.1.5.5.7.48.2
policyset.serverCertSet.5.default.params.authInfoAccessADEnable_2=true
policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_2=URIName
policyset.serverCertSet.5.default.params.authInfoAccessADLocation_2=http://server2/root.crt
policyset.serverCertSet.5.default.params.authInfoAccessADMethod_2=1.3.6.1.5.5.7.48.2<!-- adjust as necessary the amount of entries here -->policyset.serverCertSet.5.default.params.authInfoAccessCritical=false
policyset.serverCertSet.5.default.params.authInfoAccessNumADs=3After that, restart your instance and review the certificate request in agent. Hope it works fine.2016-04-01 15:08 GMT+02:00 Kamal Perera <techpkiuser@gmail.com>:_______________________________________________KamlThanks.I just want to know how to configure the user certificate profile to have both OCSP URL and CA ISSUERs certificate URL to be present in the certificate.Dear All,Hope you guys are doing great.
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users