what about openssl x509 -in certificate.crt -text
On 01/22/2014 01:07 PM, Sergio Pereira wrote:
Hi JD,
Just did it and I could sign the certificate. Any idea how to verify (list) the new OID info from a base64 cert?thx,sp
2014/1/22 Jindrich Dolezal <jindrich.dolezal@adaptivemobile.com>
hi,
have you tried something like this:
policyset.set1.p6.constraint.class_id=noConstraintImpl
policyset.set1.p6.constraint.name=No Constraint
policyset.set1.p6.default.class_id=userExtensionDefaultImpl
policyset.set1.p6.default.name=User Supplied Key Usage Extension
policyset.set1.p6.default.params.userExtOID=2.16.76.1.3.3
jd
On 01/22/2014 11:41 AM, Sergio Pereira wrote:
hi guys,
I'm trying to create a certificate profile in a way to have at the end a certificate with a special attributes (supplied by the user through web enrollment form). I'm running dogtag 10.1 on Fedora 20...fresh install. I added a certificate profile using pkiconsole but I'm struggling in how to find the right Policies, Inputs and Outputs for the new profile. The OID I intent to write to it is the 2.16.76.1.3.3 (country specific OID). Here is my profile's config file:
auth.instance_id=desc=UserCNPJenable=falseenableBy=admininput.CNPJ.class_id=genericInputImplinput.CNPJ.name=Generic Inputinput.CNPJ.params.gi_display_name0=Cadastro Nacional Pessoa Juridicainput.CNPJ.params.gi_display_name1=input.CNPJ.params.gi_display_name2=input.CNPJ.params.gi_display_name3=input.CNPJ.params.gi_display_name4=input.CNPJ.params.gi_param_enable0=trueinput.CNPJ.params.gi_param_enable1=falseinput.CNPJ.params.gi_param_enable2=falseinput.CNPJ.params.gi_param_enable3=falseinput.CNPJ.params.gi_param_enable4=falseinput.CNPJ.params.gi_param_name0=cnpjinput.CNPJ.params.gi_param_name1=input.CNPJ.params.gi_param_name2=input.CNPJ.params.gi_param_name3=input.CNPJ.params.gi_param_name4=input.i1.class_id=keyGenInputImplinput.i1.name=Key Generation Inputinput.i2.class_id=subjectNameInputImplinput.i2.name=Subject Name Inputinput.i3.class_id=submitterInfoInputImplinput.i3.name=Submitter Information Inputinput.list=i1,i2,i3,CNPJinput.params.gi_display_name0=Cadastro Nacional Pessoa Juridicainput.params.gi_display_name1=input.params.gi_display_name2=input.params.gi_display_name3=input.params.gi_display_name4=input.params.gi_param_enable0=trueinput.params.gi_param_enable1=falseinput.params.gi_param_enable2=falseinput.params.gi_param_enable3=falseinput.params.gi_param_enable4=falseinput.params.gi_param_name0=cnpjinput.params.gi_param_name1=input.params.gi_param_name2=input.params.gi_param_name3=input.params.gi_param_name4=lastModified=1390319210315name=UserCNPJoutput.list=o1output.o1.class_id=certOutputImploutput.o1.name=Certificate Outputpolicyset.list=set1policyset.set1.list=p1,p2,p3,p4,p5,p06policyset.set1.p06.constraint.class_id=noConstraintImplpolicyset.set1.p06.constraint.name=No Constraintpolicyset.set1.p06.default.class_id=userExtensionDefaultImplpolicyset.set1.p06.default.name=User Supplied Extension Defaultpolicyset.set1.p06.default.params.userExtOID=Comment Here...policyset.set1.p1.constraint.class_id=noConstraintImplpolicyset.set1.p1.constraint.name=No Constraintpolicyset.set1.p1.default.class_id=userSubjectNameDefaultImplpolicyset.set1.p1.default.name=User Supplied Subject Name Defaultpolicyset.set1.p2.constraint.class_id=noConstraintImplpolicyset.set1.p2.constraint.name=No Constraintpolicyset.set1.p2.default.class_id=validityDefaultImplpolicyset.set1.p2.default.name=Validity Defaultpolicyset.set1.p2.default.params.range=180policyset.set1.p2.default.params.startTime=0policyset.set1.p3.constraint.class_id=noConstraintImplpolicyset.set1.p3.constraint.name=No Constraintpolicyset.set1.p3.default.class_id=userKeyDefaultImplpolicyset.set1.p3.default.name=User Supplied Key Defaultpolicyset.set1.p3.default.params.keyMaxLength=4096policyset.set1.p3.default.params.keyMinLength=512policyset.set1.p3.default.params.keyType=RSApolicyset.set1.p4.constraint.class_id=noConstraintImplpolicyset.set1.p4.constraint.name=No Constraintpolicyset.set1.p4.default.class_id=signingAlgDefaultImplpolicyset.set1.p4.default.name=Signing Algorithm Defaultpolicyset.set1.p4.default.params.signingAlg=-policyset.set1.p4.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,,SHA512withECpolicyset.set1.p5.constraint.class_id=noConstraintImplpolicyset.set1.p5.constraint.name=No Constraintpolicyset.set1.p5.default.class_id=keyUsageExtDefaultImplpolicyset.set1.p5.default.name=Key Usage Extension Defaultpolicyset.set1.p5.default.params.keyUsageCritical=truepolicyset.set1.p5.default.params.keyUsageCrlSign=truepolicyset.set1.p5.default.params.keyUsageDataEncipherment=truepolicyset.set1.p5.default.params.keyUsageDecipherOnly=truepolicyset.set1.p5.default.params.keyUsageDigitalSignature=truepolicyset.set1.p5.default.params.keyUsageEncipherOnly=truepolicyset.set1.p5.default.params.keyUsageKeyAgreement=truepolicyset.set1.p5.default.params.keyUsageKeyCertSign=truepolicyset.set1.p5.default.params.keyUsageKeyEncipherment=truepolicyset.set1.p5.default.params.keyUsageNonRepudiation=truevisible=truethx in advance,sergio
_______________________________________________ Pki-users mailing list Pki-users@redhat.com https://www.redhat.com/mailman/listinfo/pki-users
</pre>****************************************************************************************<br>This email and any files transmitted with are confidential and intended solely for the<br>use of the individual or entity to whom they are addressed. If you have received this<br>email in error then please delete it and notify the sender. Do not make a copy or forward<br>it to anyone. This footnote also confirms that this email message has been swept for the<br>presence of computer viruses.<br><br>Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland<br>Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK).<br>Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O<br>****************************************************************************************</pre>
_______________________________________________
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
</pre>****************************************************************************************<br>This email and any files transmitted with are confidential and intended solely for the<br>use of the individual or entity to whom they are addressed. If you have received this<br>email in error then please delete it and notify the sender. Do not make a copy or forward<br>it to anyone. This footnote also confirms that this email message has been swept for the<br>presence of computer viruses.<br><br>Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland<br>Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK).<br>Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O<br>****************************************************************************************</pre>