I see nothing that seem incorrect in your configurations, I will try a test, meanwhile, could you indicate the exact RHEL or Fedora versions and rpm -q pki-ca ?and are there any other related debug log entries? (like about PolicyQualifiers0.usernotice.enable )Thanks,M.On Wed, Apr 24, 2019 at 10:19 AM Jonathan Montero <jmrxto@gmail.com> wrote:Hi, thanks for your answer- in the profile, that policyset.caCertSet.list has p7 DONE- the CA was restarted after the custom profile changes DONE- debug log DONE?[24/Apr/2019:12:45:33][http-bio-8443-exec-1]: RequestProcessor: profileId=caClase1[24/Apr/2019:12:46:29][localhost-startStop-1]: Start Profile Creation - caClase1 caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile[24/Apr/2019:12:46:29][localhost-startStop-1]: Done Profile Creation - caClase1[24/Apr/2019:12:46:29][localhost-startStop-1]: Registered Confirmation - caClase1Also looked for more logs...I see and XML section for some reason i see this in the XML<description>This default populates a Certificate Policies Extension to the request. The default values are Criticality=true, {PoliciesExt.num:1,{Enable:true,Policy Id:1.3.6.1.4.1.6.1.1.1.1,PolicyQualifiers.num:,{CPSuri Enable:true,UserNotice Enable:true,UserNoticeReference Organization:Company text Here,UserNoticeReference Numbers:1,UserNoticeReference Explicit Text:Some Text Here,CPS uri:http://url.com/}}}</description>BUTTTTT, if i go down in the file i seePoliciesExt.certPolicy0.enable:true
PoliciesExt.certPolicy0.policyId:1.3.6.1.4.1.6.1.1.1.1
PoliciesExt.certPolicy0.PolicyQualifiers.num:1
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable:true
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value:http://url.com/
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable:false
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization:
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers:
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value:
The last 3 lines are EMPTY.On Wed, Apr 24, 2019 at 12:26 PM Marc Sauton <msauton@redhat.com> wrote:make sure:- in the profile, that policyset.caCertSet.list has p7- the CA was restarted after the custom profile changes- a review of the CA debug log, the profile you modified should be listed after a restart as, for example:[14/Feb/2019:00:30:49][localhost-startStop-1]: added plugin profile caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate Authority Server Certificate Enrollment Profile com.netscape.cms.profile.common.ServerCertCAEnrollProfile[14/Feb/2019:00:31:43][localhost-startStop-1]: added plugin profile caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate Authority Server Certificate Enrollment Profile com.netscape.cms.profile.common.ServerCertCAEnrollProfile[14/Feb/2019:00:31:45][localhost-startStop-1]: Start Profile Creation - caServerCert caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile[14/Feb/2019:00:31:45][localhost-startStop-1]: Done Profile Creation - caServerCert[14/Feb/2019:00:31:45][localhost-startStop-1]: Registered Confirmation - caServerCertand between the "Start" and "Done", there should be the details of the profile, with string "BasicProfile: createProfilePolicy" and more info- review the same debug log after enrollment, for more details.Thanks,Marc S.On Tue, Apr 23, 2019 at 9:23 PM Jonathan Montero <jmrxto@gmail.com> wrote:_______________________________________________Hi, I'm having an issue regarding the certificates policies.It is as follows...policyset.caCertSet.p7.constraint.class_id=noConstraintImplpolicyset.caCertSet.p7.constraint.name=No Constraintpolicyset.caCertSet.p7.default.class_id=certificatePoliciesExtDefaultImplpolicyset.caCertSet.p7.default.name=Certificate Policies Extension Defaultpolicyset.caCertSet.p7.default.params.Critical=truepolicyset.caCertSet.p7.default.params.PoliciesExt.num=1policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.enable=truepolicyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=truepolicyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=http://url.com/policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=truepolicyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=Some Text Herepolicyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=1policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=Company text HereSo, with this configuration i got not all the result i want, don't know why....i obtainpolicyId=1.3.6.1.4.1.6.1.1.1.1AlsoCPSURI.value=http://url.com/But can't get the explicitText.value and organization...For some reason, those 2 latter options don't appear in the certificate.What could this be?
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users