Hi Jose,
I may need little more information to assist you:
* What version of Dogtag PKI are you using?
* What platform are you using? Fedora, CentOS, Debian, RHEL?
* Can you attach debug logs?
* Can you share the profiles that you edited and its contents?
Regards,
--Dinesh
On Fri, Sep 11, 2020 at 7:02 AM Jose Antonio Mendoza Roa <roa(a)unixmexico.org>
wrote:
Hello
Hi everyone, I am new to this list and new to using dogtag.
I have 3 profiles (types of certificates) which asked me to append this
configuration Smart Card Logon (1.3.6.1.4.1.311.20.2.2) and add this
configuration to the certificate profile
*policyset.userCertSet.p15.constraint.class_id=noConstraintImplpolicyset.userCertSet.p15.constraint.name
<
http://policyset.userCertSet.p15.constraint.name>=No
Constraintpolicyset.userCertSet.p15.default.class_id=extendedKeyUsageExtDefaultImplpolicyset.userCertSet.p15.default.name
<
http://policyset.userCertSet.p15.default.name>=Extended Key Usage
Extension
Defaultpolicyset.userCertSet.p15.default.params.exKeyUsageCritical=falsepolicyset.userCertSet.p15.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.4.1.311.20.2.2*
But when I did the tests I get this error in the dogtag logs.
"duplicate extension attempted! Name: oid=2.5.29.37 val=48 0"
--
Ce courrier électronique et les fichiers qui y sont annexés peuvent
renfermer des
renseignements privilégiés et confidentiels à l'intention exclusive du
destinataire. Si
vous n'êtes pas le destinataire, vous n'êtes pas autorisé(e) à utiliser, à
copier ou à
divulguer à un tiers le contenu de ce courrier électronique ni des
fichiers joints. Si
vous avez reçu ce courrier électronique par erreur, veuillez en aviser
l'expéditeur
immédiatement par courrier électronique et détruire ce message ainsi que
les fichiers
en annexe.
This electronic mail message -- and any attachments -- may contain
privileged/confidential information, intended only for the use of the
addressee. If you
are not the addressee, you may not use, copy or disclose to a third party
the content
of this message or its attachments. If you have received this message by
mistake,
please notify us immediately by e-mail and destroy this message, along
with all
attachments
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users