Fraser, I enjoyed reading the blog article from 8/2015 in which you described how to create a custom certificate profile for provisioning S/MIME certificates. I'm currently struggling to complete a task using Red Hat Certificate System that I understand probably needs to involve creating a custom certificate profile. I'm trying to provision a set of CA certificates using dual root, mutually cross signed CAs. I did it using openssl first, and that went wonderfully. For reference, I'm trying to do what is described in this Wikipedia page: https://en.wikipedia.org/wiki/X.509#Example_1:_Cross-certification_at_roo... I'm working with Red Hat Certificate System PKIs installed on two different AWS EC2 instances. I'm almost a complete newbie when it comes to working with certificate profiles, unfortunately. I find it rather daunting. I'm determined to get this done and working, though. I can certainly use all the help I can get! Cheers, Steve Laesch