Hello all,

I am trying to build internal PKI - two levels CA (Root and Intermediate) with dogtag 10.1.2 on CentOS 7.1.

When I use pkispawn to create the first CA (Root) the certificates are created with predefined validity, signature algorithm, CN name, X509v3 extensions and etc. 

I searched for options/parameters which I can use with pkispawn and deployment config but I manage to find only this:
https://fedorapeople.org/cgit/edewata/public_git/pki-dev.git/tree/scripts/ca.cfg

Are there such options/parameters to customize the validity, CN, algorithm and etc during the build process with pkispawn?

Or if not what are my options?

Maybe I have to edit the some of the cfg in /usr/share/pki/ca/conf ?

Much appreciate if someone can give me hints or help!