Re: [Pki-users] Questions on customizing certificate profiles

However, when I did modify the *.cfg files in the profiles/ca directory to customize the extensions, none of the changes were picked up.

I've only focused on the SHA-2 issue because that seemed to be symptomatic of the underlying problem - but the real problem is that the entire certificate is not customizable in the installation process. Or, are you suggesting that with the fix compiled in, all the profile changes will get included too? Arshad Noor StrongAuth, Inc. Chandrasekar Kannan wrote: > On 04/08/2010 04:33 PM, Arshad Noor wrote: >> >> However, to follow up on the other issue - the documentation >> on RHBA-2009-1602 suggests that only the SHA-2 algorithm issue >> can be fixed. Am I still stuck with the renewal method to get >> the other certificate extensions fixed - the keyUsages, AIA, >> OCSPNoCheck, etc? > > I don't think so. You should be able to get those customized > by editing those profile config files in question before going > through the wizard. Sha-2 was a bit hard-coded IIRC , hence it > required code changes.