you could try to mofidy a profile for SSL server certificat enrollment:

cp -p /var/lib/pki/pki-ca1/ca/profiles/ca/caServerCert.cfg /var/lib/pki/pki-ca1/ca/profiles/ca/caServerCert.cfg.orig

vim /var/lib/pki/pki-ca1/ca/profiles/ca/caServerCert.cfg

...snip...

policyset.serverCertSet.list=1,2,3,4,5,6,7,8,pp

...snip...

policyset.serverCertSet.pp.constraint.class_id=extensionConstraintImpl

policyset.serverCertSet.pp.constraint.name=Extension Constraint

policyset.serverCertSet.pp.constraint.params.extOID=1.3.6.1.4.1.34380.1.1.13

policyset.serverCertSet.pp.constraint.params.extCritical=false

policyset.serverCertSet.pp.default.class_id=userExtensionDefaultImpl

policyset.serverCertSet.pp.default.name=User Supplied Key Usage Extension

policyset.serverCertSet.pp.default.params.userExtOID=1.3.6.1.4.1.34380.1.1.13

policyset.serverCertSet.pp.default.params.userExtCritical=false

restart the CA and apply a CSR to the modified profile that has a user supplied extension for that OID, and a value, they should then appear in the X509v3 extensions of the issued certificate

On Thu, Dec 8, 2016 at 2:56 AM, joris dedieu <joris.dedieu@gmail.com> wrote:

Hi list,
I'm currently trying to add some extensions (For puppet trusted
factshttps://docs.puppet.com/puppet/latest/ssl_attributes_extensions.html)
to my certificates. As far as I understand, I have to create / modify
a profile to do so. From the CSR, I can see the request extension

Requested Extensions:
1.3.6.1.4.1.34380.1.1.13:
..my_puppet_role
X509v3 Subject Alternative Name:

So basically the question is how to declare 1.3.6.1.4.1.34380.1.1.13
retrieve it's value in $request$ ? Is there something similar,
somewhere that I can use as an example ? a doc to read ?

Many thanks
Joris

_______________________________________________
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users