However, when I did modify the *.cfg files in the profiles/ca
directory to customize the extensions, none of the changes were
picked up. I've only focused on the SHA-2 issue because that
seemed to be symptomatic of the underlying problem - but the
real problem is that the entire certificate is not customizable
in the installation process.
Or, are you suggesting that with the fix compiled in, all the
profile changes will get included too?
Arshad Noor
StrongAuth, Inc.
Chandrasekar Kannan wrote:
On 04/08/2010 04:33 PM, Arshad Noor wrote:
>
> However, to follow up on the other issue - the documentation
> on RHBA-2009-1602 suggests that only the SHA-2 algorithm issue
> can be fixed. Am I still stuck with the renewal method to get
> the other certificate extensions fixed - the keyUsages, AIA,
> OCSPNoCheck, etc?
I don't think so. You should be able to get those customized
by editing those profile config files in question before going
through the wizard. Sha-2 was a bit hard-coded IIRC , hence it
required code changes.