If /var/lib/pki-ca/profiles/ca/caUserCert.cfg has

    policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
    policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true

and the enrollment request has an e-mail, the subject alt name extension
field should be correctly initialized upon certificate issuance.

You may want to turn on some debug in CS.cfg

    debug.enabled=true
    debug.level=0

and see your debug log for more details.
M.
It depends how the request had

Ebbe Hansen wrote:
Looking at the ‘CAUserCert.cfg’ profile (first profile on the WEB
Agent profile-list) it appears it should trigger the inclusion of the
“SubjectAltName” extension. I have not been successful generating any
certificates where the SubjectAltName extension is included!
In the Agents display the SubjectAltName is listed as ‘Null’ – even
after editing the ‘Null’ to the desired RFC822 value, the issued
certificate always comes without any SubjectAltName extension?
What can I do to get the CA to include the SubjectAltName extension? I
am always specifying an email value in the request field!
Ebbe
------------------------------------------------------------------------
*From:* pki-users-bounces(a)redhat.com *On Behalf Of* Chris
*Sent:* Wednesday, April 09, 2008 10:10 PM
*To:* pki-users(a)redhat.com
*Subject:* Re: [Pki-users] Modify Certificate Profiles
Thanks. That worked.
On Wed, Apr 9, 2008 at 12:10 PM, Christina Fu <cfu(a)redhat.com> wrote:
Profiles can be configured in <Dogtag install root>/profiles/ca. If
you add your own new profiles, you need to modify <Dogtag install
root>//conf/CS.cfg "profile.list" to contain the new profile name, and
add the corresponding "class_id" and "config" (see the existing
entries in CS.cfg as example), and restart the CA.
In addition, Dogtag provides flexible plugin infrastructure that
allows people to customize various areas. Profile is one of them.
The standard profile related plugins code is in
pki/base/common/src/com/netscape/cms/profile/. That's for advanced
users who know what they are doing. Make sure the certs produced still
comply.
Hope this helps.
Christina
Chris wrote:
Sorry, hit the send by mistake....
I've successfully installed Dogtag. The documentation was clear and I
didn't have any issues.
My question is in regards to customizing certificate profiles. In the
current CA environment I manage, I deal with customizing profiles. Is
there a way to create customized certificate profiles?
The fields which apply are:
CertificatePolicies
- Policy Identifier
- User Notice with custom text
ExtendedKeyUsage
- New Key Usage OID
Also, in one profile, we've created a new field that programmatically
ties to the EKU
On our current CA software, a config file is modified to customize
profiles. Also there is some DER encoding required to convert the
appropriate text.
Is this feature available?
------------------------------------------------------------------------
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com <mailto:Pki-users@redhat.com>
https://www.redhat.com/mailman/listinfo/pki-users
------------------------------------------------------------------------
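The profile check from the first reply in this thread, as an added example that is not part of the original messages or of Dogtag itself: it parses profile text and reports, for each subjAltExtPattern_N entry, whether the matching subjAltExtGNEnable_N is true and whether the request supplies the values the pattern refers to. The sample profile text, the second slot (index 1), the request dictionary and the function names are constructed for illustration, and the handling of $request...$ variables is a simplified assumption, not the CA's actual substitution code.

```python
import re

# Constructed sample: the two lines quoted in the reply, plus a second
# slot (index 1) left disabled to show the failure case.
SAMPLE_PROFILE = """\
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.8.default.params.subjAltExtPattern_1=$request.requestor_email$
policyset.userCertSet.8.default.params.subjAltExtGNEnable_1=false
"""

PATTERN_KEY = re.compile(r"^(?P<prefix>.+\.default\.params\.)subjAltExtPattern_(?P<idx>\d+)$")
REQUEST_VAR = re.compile(r"\$request\.([A-Za-z0-9_]+)\$")

def parse_cfg(text):
    """Parse key=value lines, skipping blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg

def check_san_slots(cfg, request):
    """Return {pattern_key: [problems]} for every subjAltExtPattern_N entry."""
    report = {}
    for key, pattern in cfg.items():
        m = PATTERN_KEY.match(key)
        if not m:
            continue
        problems = []
        enable_key = f"{m['prefix']}subjAltExtGNEnable_{m['idx']}"
        if cfg.get(enable_key, "").lower() != "true":
            problems.append(f"{enable_key} is not true")
        if not pattern:
            problems.append("pattern is empty")
        # Assumption: a $request.NAME$ variable needs a non-empty request value.
        for var in REQUEST_VAR.findall(pattern):
            if not request.get(var):
                problems.append(f"request has no value for {var}")
        report[key] = problems
    return report

if __name__ == "__main__":
    cfg = parse_cfg(SAMPLE_PROFILE)
    for key, problems in check_san_slots(cfg, {"requestor_email": ""}).items():
        print(key, "->", problems or "ok")
```

An empty problem list for a slot means the profile side matches what the reply describes; the debug log remains the place to confirm what the CA actually did at issuance.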