Re: [Pki-users] Add info to a new OID

Hi JD, Just did it and I could sign the certificate. Any idea how to verify (list) the new OID info from a base64 cert? thx, sp 2014/1/22 Jindrich Dolezal <jindrich.dolezal(a)adaptivemobile.com <mailto:jindrich.dolezal@adaptivemobile.com>> hi, have you tried something like this: policyset.set1.p6.constraint.class_id=noConstraintImpl policyset.set1.p6.constraint.name <http://policyset.set1.p6.constraint.name>=No Constraint policyset.set1.p6.default.class_id=userExtensionDefaultImpl policyset.set1.p6.default.name <http://policyset.set1.p6.default.name>=User Supplied Key Usage Extension policyset.set1.p6.default.params.userExtOID=2.16.76.1.3.3 jd On 01/22/2014 11:41 AM, Sergio Pereira wrote: > hi guys, > > I'm trying to create a certificate profile in a way to have at > the end a certificate with a special attributes (supplied by the > user through web enrollment form). I'm running dogtag 10.1 on > Fedora 20...fresh install. I added a certificate profile using > pkiconsole but I'm struggling in how to find the right Policies, > Inputs and Outputs for the new profile. The OID I intent to write > to it is the 2.16.76.1.3.3 (country specific OID). Here is my > profile's config file: > > auth.instance_id= > desc=UserCNPJ > enable=false > enableBy=admin > input.CNPJ.class_id=genericInputImpl > input.CNPJ.name <http://input.CNPJ.name>=Generic Input > input.CNPJ.params.gi_display_name0=Cadastro Nacional Pessoa Juridica > input.CNPJ.params.gi_display_name1= > input.CNPJ.params.gi_display_name2= > input.CNPJ.params.gi_display_name3= > input.CNPJ.params.gi_display_name4= > input.CNPJ.params.gi_param_enable0=true > input.CNPJ.params.gi_param_enable1=false > input.CNPJ.params.gi_param_enable2=false > input.CNPJ.params.gi_param_enable3=false > input.CNPJ.params.gi_param_enable4=false > input.CNPJ.params.gi_param_name0=cnpj > input.CNPJ.params.gi_param_name1= > input.CNPJ.params.gi_param_name2= > input.CNPJ.params.gi_param_name3= > input.CNPJ.params.gi_param_name4= > input.i1.class_id=keyGenInputImpl > input.i1.name <http://input.i1.name>=Key Generation Input > input.i2.class_id=subjectNameInputImpl > input.i2.name <http://input.i2.name>=Subject Name Input > input.i3.class_id=submitterInfoInputImpl > input.i3.name <http://input.i3.name>=Submitter Information Input > input.list=i1,i2,i3,CNPJ > input.params.gi_display_name0=Cadastro Nacional Pessoa Juridica > input.params.gi_display_name1= > input.params.gi_display_name2= > input.params.gi_display_name3= > input.params.gi_display_name4= > input.params.gi_param_enable0=true > input.params.gi_param_enable1=false > input.params.gi_param_enable2=false > input.params.gi_param_enable3=false > input.params.gi_param_enable4=false > input.params.gi_param_name0=cnpj > input.params.gi_param_name1= > input.params.gi_param_name2= > input.params.gi_param_name3= > input.params.gi_param_name4= > lastModified=1390319210315 > name=UserCNPJ > output.list=o1 > output.o1.class_id=certOutputImpl > output.o1.name <http://output.o1.name>=Certificate Output > policyset.list=set1 > policyset.set1.list=p1,p2,p3,p4,p5,p06 > policyset.set1.p06.constraint.class_id=noConstraintImpl > policyset.set1.p06.constraint.name > <http://policyset.set1.p06.constraint.name>=No Constraint > policyset.set1.p06.default.class_id=userExtensionDefaultImpl > policyset.set1.p06.default.name > <http://policyset.set1.p06.default.name>=User Supplied Extension > Default > policyset.set1.p06.default.params.userExtOID=Comment Here... > policyset.set1.p1.constraint.class_id=noConstraintImpl > policyset.set1.p1.constraint.name > <http://policyset.set1.p1.constraint.name>=No Constraint > policyset.set1.p1.default.class_id=userSubjectNameDefaultImpl > policyset.set1.p1.default.name > <http://policyset.set1.p1.default.name>=User Supplied Subject > Name Default > policyset.set1.p2.constraint.class_id=noConstraintImpl > policyset.set1.p2.constraint.name > <http://policyset.set1.p2.constraint.name>=No Constraint > policyset.set1.p2.default.class_id=validityDefaultImpl > policyset.set1.p2.default.name > <http://policyset.set1.p2.default.name>=Validity Default > policyset.set1.p2.default.params.range=180 > policyset.set1.p2.default.params.startTime=0 > policyset.set1.p3.constraint.class_id=noConstraintImpl > policyset.set1.p3.constraint.name > <http://policyset.set1.p3.constraint.name>=No Constraint > policyset.set1.p3.default.class_id=userKeyDefaultImpl > policyset.set1.p3.default.name > <http://policyset.set1.p3.default.name>=User Supplied Key Default > policyset.set1.p3.default.params.keyMaxLength=4096 > policyset.set1.p3.default.params.keyMinLength=512 > policyset.set1.p3.default.params.keyType=RSA > policyset.set1.p4.constraint.class_id=noConstraintImpl > policyset.set1.p4.constraint.name > <http://policyset.set1.p4.constraint.name>=No Constraint > policyset.set1.p4.default.class_id=signingAlgDefaultImpl > policyset.set1.p4.default.name > <http://policyset.set1.p4.default.name>=Signing Algorithm Default > policyset.set1.p4.default.params.signingAlg=- > policyset.set1.p4.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,,SHA512withEC > policyset.set1.p5.constraint.class_id=noConstraintImpl > policyset.set1.p5.constraint.name > <http://policyset.set1.p5.constraint.name>=No Constraint > policyset.set1.p5.default.class_id=keyUsageExtDefaultImpl > policyset.set1.p5.default.name > <http://policyset.set1.p5.default.name>=Key Usage Extension Default > policyset.set1.p5.default.params.keyUsageCritical=true > policyset.set1.p5.default.params.keyUsageCrlSign=true > policyset.set1.p5.default.params.keyUsageDataEncipherment=true > policyset.set1.p5.default.params.keyUsageDecipherOnly=true > policyset.set1.p5.default.params.keyUsageDigitalSignature=true > policyset.set1.p5.default.params.keyUsageEncipherOnly=true > policyset.set1.p5.default.params.keyUsageKeyAgreement=true > policyset.set1.p5.default.params.keyUsageKeyCertSign=true > policyset.set1.p5.default.params.keyUsageKeyEncipherment=true > policyset.set1.p5.default.params.keyUsageNonRepudiation=true > visible=true > thx in advance, > sergio > > > _______________________________________________ > Pki-users mailing list > Pki-users(a)redhat.com <mailto:Pki-users@redhat.com> > https://www.redhat.com/mailman/listinfo/pki-users </pre>****************************************************************************************<br>This email and any files transmitted with are confidential and intended solely for the<br>use of the individual or entity to whom they are addressed. If you have received this<br>email in error then please delete it and notify the sender. Do not make a copy or forward<br>it to anyone. This footnote also confirms that this email message has been swept for the<br>presence of computer viruses.<br><br>Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland<br>Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK).<br>Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O<br>****************************************************************************************</pre> _______________________________________________ Pki-users mailing list Pki-users(a)redhat.com <mailto:Pki-users@redhat.com> https://www.redhat.com/mailman/listinfo/pki-users