11:21 p.m.
Hi, I'm having an issue regarding the certificates policies.
It is as follows...
policyset.caCertSet.p7.constraint.class_id=noConstraintImpl
policyset.caCertSet.p7.constraint.name=No Constraint
policyset.caCertSet.p7.default.class_id=certificatePoliciesExtDefaultImpl
policyset.caCertSet.p7.default.name=Certificate Policies Extension Default
policyset.caCertSet.p7.default.params.Critical=true
policyset.caCertSet.p7.default.params.PoliciesExt.num=1
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.enable=true
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=
http://url.com/
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=true
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=Some
Text Here
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=1
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=Company
text Here
So, with this configuration i got not all the result i want, don't know
why....
i obtain
policyId=1.3.6.1.4.1.6.1.1.1.1
Also
CPSURI.value=http://url.com/
But can't get the explicitText.value and organization...
For some reason, those 2 latter options don't appear in the certificate.
What could this be?
Jonathan Montero
IT Professional | IT Trainer
M: 809-609-3003
S: tuxmontero
E: jmrxto(a)gmail.com
A: Santo Domingo, DR
jonathanmontero.com
<https://www.linkedin.com/in/monterojonathan>
<https://twitter.com/tuxmontero> <https://www.facebook.com/jmrxto>
<https://github.com/tuxmontero>
11:26 a.m.
make sure:
- in the profile, that policyset.caCertSet.list has p7
- the CA was restarted after the custom profile changes
- a review of the CA debug log, the profile you modified should be listed
after a restart as, for example:
[14/Feb/2019:00:30:49][localhost-startStop-1]: added plugin profile
caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate
Authority Server Certificate Enrollment Profile
com.netscape.cms.profile.common.ServerCertCAEnrollProfile
[14/Feb/2019:00:31:43][localhost-startStop-1]: added plugin profile
caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate
Authority Server Certificate Enrollment Profile
com.netscape.cms.profile.common.ServerCertCAEnrollProfile
[14/Feb/2019:00:31:45][localhost-startStop-1]: Start Profile Creation -
caServerCert caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile
[14/Feb/2019:00:31:45][localhost-startStop-1]: Done Profile Creation -
caServerCert
[14/Feb/2019:00:31:45][localhost-startStop-1]: Registered Confirmation -
caServerCert
and between the "Start" and "Done", there should be the details of
the
profile, with string "BasicProfile: createProfilePolicy" and more info
- review the same debug log after enrollment, for more details.
Thanks,
Marc S.
On Tue, Apr 23, 2019 at 9:23 PM Jonathan Montero <jmrxto(a)gmail.com> wrote:
Hi, I'm having an issue regarding the certificates policies.
It is as follows...
policyset.caCertSet.p7.constraint.class_id=noConstraintImpl
policyset.caCertSet.p7.constraint.name=No Constraint
policyset.caCertSet.p7.default.class_id=certificatePoliciesExtDefaultImpl
policyset.caCertSet.p7.default.name=Certificate Policies Extension Default
policyset.caCertSet.p7.default.params.Critical=true
policyset.caCertSet.p7.default.params.PoliciesExt.num=1
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.enable=true
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=
http://url.com/
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=true
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=Some
Text Here
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=1
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=Company
text Here
So, with this configuration i got not all the result i want, don't know
why....
i obtain
policyId=1.3.6.1.4.1.6.1.1.1.1
Also
CPSURI.value=http://url.com/
But can't get the explicitText.value and organization...
For some reason, those 2 latter options don't appear in the certificate.
What could this be?
Jonathan Montero
IT Professional | IT Trainer
M: 809-609-3003
S: tuxmontero
E: jmrxto(a)gmail.com
A: Santo Domingo, DR
jonathanmontero.com
<https://www.linkedin.com/in/monterojonathan>
<https://twitter.com/tuxmontero> <https://www.facebook.com/jmrxto>
<https://github.com/tuxmontero>
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
12:19 p.m.
Hi, thanks for your answer
- in the profile, that policyset.caCertSet.list has p7 *DONE*
- the CA was restarted after the custom profile changes *DONE*
- debug log *DONE?*
[24/Apr/2019:12:45:33][http-bio-8443-exec-1]: RequestProcessor:
profileId=caClase1
[24/Apr/2019:12:46:29][localhost-startStop-1]: Start Profile Creation -
caClase1 caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile
[24/Apr/2019:12:46:29][localhost-startStop-1]: Done Profile Creation -
caClase1
[24/Apr/2019:12:46:29][localhost-startStop-1]: Registered Confirmation -
caClase1
Also looked for more logs...
I see and XML section for some reason i see this in the XML
<description>This default populates a Certificate Policies Extension to the
request. The default values are Criticality=true,
{PoliciesExt.num:1,{Enable:true,Policy
Id:1.3.6.1.4.1.6.1.1.1.1,PolicyQualifiers.num:,{CPSuri
Enable:true,UserNotice Enable:true,UserNoticeReference Organization:Company
text Here,UserNoticeReference Numbers:1,UserNoticeReference Explicit
Text:Some Text Here,CPS uri:http://url.com/}}}</description>
*BUTTTTT, if i go down in the file i see*
PoliciesExt.certPolicy0.enable:true
PoliciesExt.certPolicy0.policyId:1.3.6.1.4.1.6.1.1.1.1
PoliciesExt.certPolicy0.PolicyQualifiers.num:1
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable:true
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value:http://url.com/&am...;
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable:*false*
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization:
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers:
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value:
*The last 3 lines are EMPTY.*
Jonathan Montero
IT Professional | IT Trainer
M: 809-609-3003
S: tuxmontero
E: jmrxto(a)gmail.com
A: Santo Domingo, DR
jonathanmontero.com
<https://www.linkedin.com/in/monterojonathan>
<https://twitter.com/tuxmontero> <https://www.facebook.com/jmrxto>
<https://github.com/tuxmontero>
On Wed, Apr 24, 2019 at 12:26 PM Marc Sauton <msauton(a)redhat.com> wrote:
make sure:
- in the profile, that policyset.caCertSet.list has p7
- the CA was restarted after the custom profile changes
- a review of the CA debug log, the profile you modified should be listed
after a restart as, for example:
[14/Feb/2019:00:30:49][localhost-startStop-1]: added plugin profile
caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate
Authority Server Certificate Enrollment Profile
com.netscape.cms.profile.common.ServerCertCAEnrollProfile
[14/Feb/2019:00:31:43][localhost-startStop-1]: added plugin profile
caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate
Authority Server Certificate Enrollment Profile
com.netscape.cms.profile.common.ServerCertCAEnrollProfile
[14/Feb/2019:00:31:45][localhost-startStop-1]: Start Profile Creation -
caServerCert caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile
[14/Feb/2019:00:31:45][localhost-startStop-1]: Done Profile Creation -
caServerCert
[14/Feb/2019:00:31:45][localhost-startStop-1]: Registered Confirmation -
caServerCert
and between the "Start" and "Done", there should be the details of
the
profile, with string "BasicProfile: createProfilePolicy" and more info
- review the same debug log after enrollment, for more details.
Thanks,
Marc S.
On Tue, Apr 23, 2019 at 9:23 PM Jonathan Montero <jmrxto(a)gmail.com> wrote:
> Hi, I'm having an issue regarding the certificates policies.
>
> It is as follows...
> policyset.caCertSet.p7.constraint.class_id=noConstraintImpl
> policyset.caCertSet.p7.constraint.name=No Constraint
> policyset.caCertSet.p7.default.class_id=certificatePoliciesExtDefaultImpl
> policyset.caCertSet.p7.default.name=Certificate Policies Extension
> Default
> policyset.caCertSet.p7.default.params.Critical=true
> policyset.caCertSet.p7.default.params.PoliciesExt.num=1
> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.enable=true
>
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
>
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
>
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=
> http://url.com/
>
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=true
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=Some
> Text Here
>
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=1
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=Company
> text Here
>
>
> So, with this configuration i got not all the result i want, don't know
> why....
>
> i obtain
> policyId=1.3.6.1.4.1.6.1.1.1.1
>
> Also
> CPSURI.value=http://url.com/
>
> But can't get the explicitText.value and organization...
>
> For some reason, those 2 latter options don't appear in the certificate.
>
> What could this be?
>
>
>
>
> Jonathan Montero
>
> IT Professional | IT Trainer
> M: 809-609-3003
> S: tuxmontero
> E: jmrxto(a)gmail.com
> A: Santo Domingo, DR
>
> jonathanmontero.com
>
> <https://www.linkedin.com/in/monterojonathan>
> <https://twitter.com/tuxmontero> <https://www.facebook.com/jmrxto>
> <https://github.com/tuxmontero>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
2:31 p.m.
I see nothing that seem incorrect in your configurations, I will try a
test, meanwhile, could you indicate the exact RHEL or Fedora versions and
rpm -q pki-ca ?
and are there any other related debug log entries? (like about
PolicyQualifiers0.usernotice.enable )
Thanks,
M.
On Wed, Apr 24, 2019 at 10:19 AM Jonathan Montero <jmrxto(a)gmail.com> wrote:
Hi, thanks for your answer
- in the profile, that policyset.caCertSet.list has p7
*DONE*
- the CA was restarted after the custom profile changes *DONE*
- debug log *DONE?*
[24/Apr/2019:12:45:33][http-bio-8443-exec-1]: RequestProcessor:
profileId=caClase1
[24/Apr/2019:12:46:29][localhost-startStop-1]: Start Profile Creation -
caClase1 caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile
[24/Apr/2019:12:46:29][localhost-startStop-1]: Done Profile Creation -
caClase1
[24/Apr/2019:12:46:29][localhost-startStop-1]: Registered Confirmation -
caClase1
Also looked for more logs...
I see and XML section for some reason i see this in the XML
<description>This default populates a Certificate Policies Extension to
the request. The default values are Criticality=true,
{PoliciesExt.num:1,{Enable:true,Policy
Id:1.3.6.1.4.1.6.1.1.1.1,PolicyQualifiers.num:,{CPSuri
Enable:true,UserNotice Enable:true,UserNoticeReference Organization:Company
text Here,UserNoticeReference Numbers:1,UserNoticeReference Explicit
Text:Some Text Here,CPS uri:http://url.com/}}}</description>
*BUTTTTT, if i go down in the file i see*
PoliciesExt.certPolicy0.enable:true
PoliciesExt.certPolicy0.policyId:1.3.6.1.4.1.6.1.1.1.1
PoliciesExt.certPolicy0.PolicyQualifiers.num:1
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable:true
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value:http://url.com/&am...
;
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable:*false*
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization:
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers:
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value:
*The last 3 lines are EMPTY.*
Jonathan Montero
IT Professional | IT Trainer
M: 809-609-3003
S: tuxmontero
E: jmrxto(a)gmail.com
A: Santo Domingo, DR
jonathanmontero.com
<https://www.linkedin.com/in/monterojonathan>
<https://twitter.com/tuxmontero> <https://www.facebook.com/jmrxto>
<https://github.com/tuxmontero>
On Wed, Apr 24, 2019 at 12:26 PM Marc Sauton <msauton(a)redhat.com> wrote:
> make sure:
> - in the profile, that policyset.caCertSet.list has p7
> - the CA was restarted after the custom profile changes
> - a review of the CA debug log, the profile you modified should be listed
> after a restart as, for example:
> [14/Feb/2019:00:30:49][localhost-startStop-1]: added plugin profile
> caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate
> Authority Server Certificate Enrollment Profile
> com.netscape.cms.profile.common.ServerCertCAEnrollProfile
> [14/Feb/2019:00:31:43][localhost-startStop-1]: added plugin profile
> caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate
> Authority Server Certificate Enrollment Profile
> com.netscape.cms.profile.common.ServerCertCAEnrollProfile
> [14/Feb/2019:00:31:45][localhost-startStop-1]: Start Profile Creation -
> caServerCert caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile
> [14/Feb/2019:00:31:45][localhost-startStop-1]: Done Profile Creation -
> caServerCert
> [14/Feb/2019:00:31:45][localhost-startStop-1]: Registered Confirmation -
> caServerCert
> and between the "Start" and "Done", there should be the details
of the
> profile, with string "BasicProfile: createProfilePolicy" and more info
> - review the same debug log after enrollment, for more details.
> Thanks,
> Marc S.
>
> On Tue, Apr 23, 2019 at 9:23 PM Jonathan Montero <jmrxto(a)gmail.com>
> wrote:
>
>> Hi, I'm having an issue regarding the certificates policies.
>>
>> It is as follows...
>> policyset.caCertSet.p7.constraint.class_id=noConstraintImpl
>> policyset.caCertSet.p7.constraint.name=No Constraint
>> policyset.caCertSet.p7.default.class_id=certificatePoliciesExtDefaultImpl
>> policyset.caCertSet.p7.default.name=Certificate Policies Extension
>> Default
>> policyset.caCertSet.p7.default.params.Critical=true
>> policyset.caCertSet.p7.default.params.PoliciesExt.num=1
>> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.enable=true
>>
>>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
>>
>>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
>>
>>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=
>> http://url.com/
>>
>>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=true
>>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=Some
>> Text Here
>>
>>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=1
>>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=Company
>> text Here
>>
>>
>> So, with this configuration i got not all the result i want, don't know
>> why....
>>
>> i obtain
>> policyId=1.3.6.1.4.1.6.1.1.1.1
>>
>> Also
>> CPSURI.value=http://url.com/
>>
>> But can't get the explicitText.value and organization...
>>
>> For some reason, those 2 latter options don't appear in the certificate.
>>
>> What could this be?
>>
>>
>>
>>
>> Jonathan Montero
>>
>> IT Professional | IT Trainer
>> M: 809-609-3003
>> S: tuxmontero
>> E: jmrxto(a)gmail.com
>> A: Santo Domingo, DR
>>
>> jonathanmontero.com
>>
>> <https://www.linkedin.com/in/monterojonathan>
>> <https://twitter.com/tuxmontero> <https://www.facebook.com/jmrxto>
>> <https://github.com/tuxmontero>
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>
>
2:52 p.m.
Yes...
pki-ca-10.5.9-13.el7_6.noarch
CentOS
*Regarding the PolicyQualifiers0 in the debug log*
[24/Apr/2019:13:10:50][http-bio-8443-exec-1]: CAProcessor: -
policyQualifiers: PoliciesExt.num:1^M
PoliciesExt.certPolicy0.enable:true^M
PoliciesExt.certPolicy0.policyId:1.3.6.1.4.1.6.1.1.1.1^M
PoliciesExt.certPolicy0.PolicyQualifiers.num:1^M
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable:true^M
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value:http://url.com/^M
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable:false^M
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization:^M
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers:^M
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value:^M
As i told you, in this case, it looks like DISABLED, but in the
configuration file es ENABLED.
That's whats confuse me there...
*On the other hand, in the CS.cfg file, regarding that policy, look at
this.*
ca.Policy.rule.CertificatePoliciesExt.certPolicy0.cpsURI=
ca.Policy.rule.CertificatePoliciesExt.certPolicy0.noticeRefNumbers=
ca.Policy.rule.CertificatePoliciesExt.certPolicy0.noticeRefOrganization=
ca.Policy.rule.CertificatePoliciesExt.certPolicy0.policyId=
ca.Policy.rule.CertificatePoliciesExt.certPolicy0.userNoticeExplicitText=
ca.Policy.rule.CertificatePoliciesExt.critical=true
ca.Policy.rule.CertificatePoliciesExt.enable=true
ca.Policy.rule.CertificatePoliciesExt.implName=CertificatePoliciesExt
ca.Policy.rule.CertificatePoliciesExt.numCertPolicies=1
ca.Policy.rule.CertificatePoliciesExt.predicate=
The Critical and the Enable, by default were disabled, but i enabled them,
restarted the service, i even rebooted the server at all, but nothing yet.
Jonathan Montero
IT Professional | IT Trainer
M: 809-609-3003
S: tuxmontero
E: jmrxto(a)gmail.com
A: Santo Domingo, DR
jonathanmontero.com
<https://www.linkedin.com/in/monterojonathan>
<https://twitter.com/tuxmontero> <https://www.facebook.com/jmrxto>
<https://github.com/tuxmontero>
On Wed, Apr 24, 2019 at 3:31 PM Marc Sauton <msauton(a)redhat.com> wrote:
I see nothing that seem incorrect in your configurations, I will try
a
test, meanwhile, could you indicate the exact RHEL or Fedora versions and
rpm -q pki-ca ?
and are there any other related debug log entries? (like about
PolicyQualifiers0.usernotice.enable )
Thanks,
M.
On Wed, Apr 24, 2019 at 10:19 AM Jonathan Montero <jmrxto(a)gmail.com>
wrote:
> Hi, thanks for your answer
>
> - in the profile, that policyset.caCertSet.list has p7
> *DONE*
> - the CA was restarted after the custom profile changes *DONE*
> - debug log *DONE?*
> [24/Apr/2019:12:45:33][http-bio-8443-exec-1]: RequestProcessor:
> profileId=caClase1
> [24/Apr/2019:12:46:29][localhost-startStop-1]: Start Profile Creation -
> caClase1 caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile
> [24/Apr/2019:12:46:29][localhost-startStop-1]: Done Profile Creation -
> caClase1
> [24/Apr/2019:12:46:29][localhost-startStop-1]: Registered Confirmation -
> caClase1
>
> Also looked for more logs...
> I see and XML section for some reason i see this in the XML
> <description>This default populates a Certificate Policies Extension to
> the request. The default values are Criticality=true,
> {PoliciesExt.num:1,{Enable:true,Policy
> Id:1.3.6.1.4.1.6.1.1.1.1,PolicyQualifiers.num:,{CPSuri
> Enable:true,UserNotice Enable:true,UserNoticeReference Organization:Company
> text Here,UserNoticeReference Numbers:1,UserNoticeReference Explicit
> Text:Some Text Here,CPS uri:http://url.com/}}}</description>
>
> *BUTTTTT, if i go down in the file i see*
> PoliciesExt.certPolicy0.enable:true
> PoliciesExt.certPolicy0.policyId:1.3.6.1.4.1.6.1.1.1.1
> PoliciesExt.certPolicy0.PolicyQualifiers.num:1
> PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable:true
> PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value:
> http://url.com/
> PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable:*false*
>
>
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization:
>
>
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers:
>
> PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value:
>
> *The last 3 lines are EMPTY.*
>
>
> Jonathan Montero
>
> IT Professional | IT Trainer
> M: 809-609-3003
> S: tuxmontero
> E: jmrxto(a)gmail.com
> A: Santo Domingo, DR
>
> jonathanmontero.com
>
> <https://www.linkedin.com/in/monterojonathan>
> <https://twitter.com/tuxmontero> <https://www.facebook.com/jmrxto>
> <https://github.com/tuxmontero>
>
>
>
> On Wed, Apr 24, 2019 at 12:26 PM Marc Sauton <msauton(a)redhat.com> wrote:
>
>> make sure:
>> - in the profile, that policyset.caCertSet.list has p7
>> - the CA was restarted after the custom profile changes
>> - a review of the CA debug log, the profile you modified should be
>> listed after a restart as, for example:
>> [14/Feb/2019:00:30:49][localhost-startStop-1]: added plugin profile
>> caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate
>> Authority Server Certificate Enrollment Profile
>> com.netscape.cms.profile.common.ServerCertCAEnrollProfile
>> [14/Feb/2019:00:31:43][localhost-startStop-1]: added plugin profile
>> caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate
>> Authority Server Certificate Enrollment Profile
>> com.netscape.cms.profile.common.ServerCertCAEnrollProfile
>> [14/Feb/2019:00:31:45][localhost-startStop-1]: Start Profile Creation -
>> caServerCert caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile
>> [14/Feb/2019:00:31:45][localhost-startStop-1]: Done Profile Creation -
>> caServerCert
>> [14/Feb/2019:00:31:45][localhost-startStop-1]: Registered Confirmation -
>> caServerCert
>> and between the "Start" and "Done", there should be the
details of the
>> profile, with string "BasicProfile: createProfilePolicy" and more info
>> - review the same debug log after enrollment, for more details.
>> Thanks,
>> Marc S.
>>
>> On Tue, Apr 23, 2019 at 9:23 PM Jonathan Montero <jmrxto(a)gmail.com>
>> wrote:
>>
>>> Hi, I'm having an issue regarding the certificates policies.
>>>
>>> It is as follows...
>>> policyset.caCertSet.p7.constraint.class_id=noConstraintImpl
>>> policyset.caCertSet.p7.constraint.name=No Constraint
>>>
>>> policyset.caCertSet.p7.default.class_id=certificatePoliciesExtDefaultImpl
>>> policyset.caCertSet.p7.default.name=Certificate Policies Extension
>>> Default
>>> policyset.caCertSet.p7.default.params.Critical=true
>>> policyset.caCertSet.p7.default.params.PoliciesExt.num=1
>>>
>>> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.enable=true
>>>
>>>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
>>>
>>>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
>>>
>>>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=
>>> http://url.com/
>>>
>>>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=true
>>>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=Some
>>> Text Here
>>>
>>>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=1
>>>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=Company
>>> text Here
>>>
>>>
>>> So, with this configuration i got not all the result i want, don't know
>>> why....
>>>
>>> i obtain
>>> policyId=1.3.6.1.4.1.6.1.1.1.1
>>>
>>> Also
>>> CPSURI.value=http://url.com/
>>>
>>> But can't get the explicitText.value and organization...
>>>
>>> For some reason, those 2 latter options don't appear in the certificate.
>>>
>>> What could this be?
>>>
>>>
>>>
>>>
>>> Jonathan Montero
>>>
>>> IT Professional | IT Trainer
>>> M: 809-609-3003
>>> S: tuxmontero
>>> E: jmrxto(a)gmail.com
>>> A: Santo Domingo, DR
>>>
>>> jonathanmontero.com
>>>
>>> <https://www.linkedin.com/in/monterojonathan>
>>> <https://twitter.com/tuxmontero>
<https://www.facebook.com/jmrxto>
>>> <https://github.com/tuxmontero>
>>>
>>> _______________________________________________
>>> Pki-users mailing list
>>> Pki-users(a)redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-users
>>
>>
8:18 p.m.
On Wed, Apr 24, 2019 at 12:21:23AM -0400, Jonathan Montero wrote:
Hi, I'm having an issue regarding the certificates policies.
It is as follows...
policyset.caCertSet.p7.constraint.class_id=noConstraintImpl
policyset.caCertSet.p7.constraint.name=No Constraint
policyset.caCertSet.p7.default.class_id=certificatePoliciesExtDefaultImpl
policyset.caCertSet.p7.default.name=Certificate Policies Extension Default
policyset.caCertSet.p7.default.params.Critical=true
policyset.caCertSet.p7.default.params.PoliciesExt.num=1
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.enable=true
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=
http://url.com/
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=true
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=Some
Text Here
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=1
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=Company
text Here
So, with this configuration i got not all the result i want, don't know
why....
i obtain
policyId=1.3.6.1.4.1.6.1.1.1.1
Also
CPSURI.value=http://url.com/
But can't get the explicitText.value and organization...
For some reason, those 2 latter options don't appear in the certificate.
What could this be?
Dogtag cert policies config is very unfriendly. Without having
confirmed, I'm pretty sure you need something like:
PoliciesExt.certPolicy0.enable=true
PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
PoliciesExt.certPolicy0.PolicyQualifiers.num=2
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=http://url.com/
PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.enable=true
PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.explicitText.value=Some text Here
PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.noticeReference.noticeNumbers=1
PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.noticeReference.organization=Company
text Here
Each policy qualified can be either a CPS URI or a user notice, so
if you want both, you need two qualifiers. This is not a
restriction in Dogtag, rather it is part of X.509 standard:
Qualifier ::= CHOICE {
cPSuri CPSuri,
userNotice UserNotice }
Hope that helps!
Cheers,
Fraser
9:52 p.m.
Thanks for your answer, but no, it didn't work...
i got a java error when i try to approve the certificate, meaning that
something is wrong with the configuration.
To be a good config i had to take all those 1 to 0 back again.
Jonathan Montero
IT Professional | IT Trainer
M: 809-609-3003
S: tuxmontero
E: jmrxto(a)gmail.com
A: Santo Domingo, DR
jonathanmontero.com
<https://www.linkedin.com/in/monterojonathan>
<https://twitter.com/tuxmontero> <https://www.facebook.com/jmrxto>
<https://github.com/tuxmontero>
On Sun, Apr 28, 2019 at 9:19 PM Fraser Tweedale <ftweedal(a)redhat.com> wrote:
On Wed, Apr 24, 2019 at 12:21:23AM -0400, Jonathan Montero wrote:
> Hi, I'm having an issue regarding the certificates policies.
>
> It is as follows...
> policyset.caCertSet.p7.constraint.class_id=noConstraintImpl
> policyset.caCertSet.p7.constraint.name=No Constraint
> policyset.caCertSet.p7.default.class_id=certificatePoliciesExtDefaultImpl
> policyset.caCertSet.p7.default.name=Certificate Policies Extension
Default
> policyset.caCertSet.p7.default.params.Critical=true
> policyset.caCertSet.p7.default.params.PoliciesExt.num=1
> policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.enable=true
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=
> http://url.com/
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=true
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=Some
> Text Here
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=1
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=Company
> text Here
>
>
> So, with this configuration i got not all the result i want, don't know
> why....
>
> i obtain
> policyId=1.3.6.1.4.1.6.1.1.1.1
>
> Also
> CPSURI.value=http://url.com/
>
> But can't get the explicitText.value and organization...
>
> For some reason, those 2 latter options don't appear in the certificate.
>
> What could this be?
>
Dogtag cert policies config is very unfriendly. Without having
confirmed, I'm pretty sure you need something like:
PoliciesExt.certPolicy0.enable=true
PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
PoliciesExt.certPolicy0.PolicyQualifiers.num=2
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=http://url.com/
PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.enable=true
PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.explicitText.value=Some
text Here
PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.noticeReference.noticeNumbers=1
PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.noticeReference.organization=Company
text Here
Each policy qualified can be either a CPS URI or a user notice, so
if you want both, you need two qualifiers. This is not a
restriction in Dogtag, rather it is part of X.509 standard:
Qualifier ::= CHOICE {
cPSuri CPSuri,
userNotice UserNotice }
Hope that helps!
Cheers,
Fraser
12:22 a.m.
There's an error in the configuration, but as pointed out in another
branch of the thread there is also a bug with arguement order which
is fatal to the UserNotice use case. So that will have to be
triaged and fix.
I did work out how to include multiple policy qualifiers, though.
UserNotice is broken but as an example, here's how to get two URIs
(common prefix elided):
PoliciesExt.num=1
PolicyQualifiers.num=2
PoliciesExt.certPolicy0.enable=true
PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
PoliciesExt.certPolicy0.PolicyQualifiers.num=2
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=http://foo.com/
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false
PoliciesExt.certPolicy0.PolicyQualifiers1.CPSURI.enable=true
PoliciesExt.certPolicy0.PolicyQualifiers1.CPSURI.value=http://bar.com/
PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.enable=false
It is necessary to include both CPSURL.enable=bool and
usernotice.enable=bool, with CPSURL taking precedence.
The PolicyQualifiers.num=N applies to all policies, which is a bug
(it prevents defining policies with different numbers of
qualifiers). But it is adequate for a single-policy,
multiple-qualifier use case.
Cheers,
Fraser
On Sun, Apr 28, 2019 at 10:52:22PM -0400, Jonathan Montero wrote:
Thanks for your answer, but no, it didn't work...
i got a java error when i try to approve the certificate, meaning that
something is wrong with the configuration.
To be a good config i had to take all those 1 to 0 back again.
Jonathan Montero
IT Professional | IT Trainer
M: 809-609-3003
S: tuxmontero
E: jmrxto(a)gmail.com
A: Santo Domingo, DR
jonathanmontero.com
<https://www.linkedin.com/in/monterojonathan>
<https://twitter.com/tuxmontero> <https://www.facebook.com/jmrxto>
<https://github.com/tuxmontero>
On Sun, Apr 28, 2019 at 9:19 PM Fraser Tweedale <ftweedal(a)redhat.com> wrote:
> On Wed, Apr 24, 2019 at 12:21:23AM -0400, Jonathan Montero wrote:
> > Hi, I'm having an issue regarding the certificates policies.
> >
> > It is as follows...
> > policyset.caCertSet.p7.constraint.class_id=noConstraintImpl
> > policyset.caCertSet.p7.constraint.name=No Constraint
> > policyset.caCertSet.p7.default.class_id=certificatePoliciesExtDefaultImpl
> > policyset.caCertSet.p7.default.name=Certificate Policies Extension
> Default
> > policyset.caCertSet.p7.default.params.Critical=true
> > policyset.caCertSet.p7.default.params.PoliciesExt.num=1
> > policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.enable=true
> >
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
> >
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
> >
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=
> > http://url.com/
> >
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=true
> >
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=Some
> > Text Here
> >
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=1
> >
>
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=Company
> > text Here
> >
> >
> > So, with this configuration i got not all the result i want, don't know
> > why....
> >
> > i obtain
> > policyId=1.3.6.1.4.1.6.1.1.1.1
> >
> > Also
> > CPSURI.value=http://url.com/
> >
> > But can't get the explicitText.value and organization...
> >
> > For some reason, those 2 latter options don't appear in the certificate.
> >
> > What could this be?
> >
> Dogtag cert policies config is very unfriendly. Without having
> confirmed, I'm pretty sure you need something like:
>
> PoliciesExt.certPolicy0.enable=true
> PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
> PoliciesExt.certPolicy0.PolicyQualifiers.num=2
> PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
> PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=http://url.com/
> PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.enable=true
> PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.explicitText.value=Some
> text Here
>
>
PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.noticeReference.noticeNumbers=1
>
PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.noticeReference.organization=Company
> text Here
>
> Each policy qualified can be either a CPS URI or a user notice, so
> if you want both, you need two qualifiers. This is not a
> restriction in Dogtag, rather it is part of X.509 standard:
>
>
> Qualifier ::= CHOICE {
> cPSuri CPSuri,
> userNotice UserNotice }
>
> Hope that helps!
>
> Cheers,
> Fraser
>
2:24 a.m.
On Mon, Apr 29, 2019 at 03:22:17PM +1000, Fraser Tweedale wrote:
There's an error in the configuration, but as pointed out in
another
branch of the thread there is also a bug with arguement order which
is fatal to the UserNotice use case. So that will have to be
triaged and fix.
I did work out how to include multiple policy qualifiers, though.
UserNotice is broken but as an example, here's how to get two URIs
(common prefix elided):
PoliciesExt.num=1
PolicyQualifiers.num=2
PoliciesExt.certPolicy0.enable=true
PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
PoliciesExt.certPolicy0.PolicyQualifiers.num=2
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=http://foo.com/
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false
PoliciesExt.certPolicy0.PolicyQualifiers1.CPSURI.enable=true
PoliciesExt.certPolicy0.PolicyQualifiers1.CPSURI.value=http://bar.com/
PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.enable=false
It is necessary to include both CPSURL.enable=bool and
usernotice.enable=bool, with CPSURL taking precedence.
The PolicyQualifiers.num=N applies to all policies, which is a bug
(it prevents defining policies with different numbers of
qualifiers). But it is adequate for a single-policy,
multiple-qualifier use case.
Cheers,
Fraser
Filed ticket: https://pagure.io/dogtagpki/issue/3100
On Sun, Apr 28, 2019 at 10:52:22PM -0400, Jonathan Montero wrote:
> Thanks for your answer, but no, it didn't work...
>
> i got a java error when i try to approve the certificate, meaning that
> something is wrong with the configuration.
>
> To be a good config i had to take all those 1 to 0 back again.
>
>
>
> Jonathan Montero
>
> IT Professional | IT Trainer
> M: 809-609-3003
> S: tuxmontero
> E: jmrxto(a)gmail.com
> A: Santo Domingo, DR
>
> jonathanmontero.com
>
> <https://www.linkedin.com/in/monterojonathan>
> <https://twitter.com/tuxmontero> <https://www.facebook.com/jmrxto>
> <https://github.com/tuxmontero>
>
>
>
> On Sun, Apr 28, 2019 at 9:19 PM Fraser Tweedale <ftweedal(a)redhat.com> wrote:
>
> > On Wed, Apr 24, 2019 at 12:21:23AM -0400, Jonathan Montero wrote:
> > > Hi, I'm having an issue regarding the certificates policies.
> > >
> > > It is as follows...
> > > policyset.caCertSet.p7.constraint.class_id=noConstraintImpl
> > > policyset.caCertSet.p7.constraint.name=No Constraint
> > > policyset.caCertSet.p7.default.class_id=certificatePoliciesExtDefaultImpl
> > > policyset.caCertSet.p7.default.name=Certificate Policies Extension
> > Default
> > > policyset.caCertSet.p7.default.params.Critical=true
> > > policyset.caCertSet.p7.default.params.PoliciesExt.num=1
> > > policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.enable=true
> > >
> >
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
> > >
> >
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
> > >
> >
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=
> > > http://url.com/
> > >
> >
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=true
> > >
> >
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=Some
> > > Text Here
> > >
> >
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=1
> > >
> >
policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=Company
> > > text Here
> > >
> > >
> > > So, with this configuration i got not all the result i want, don't
know
> > > why....
> > >
> > > i obtain
> > > policyId=1.3.6.1.4.1.6.1.1.1.1
> > >
> > > Also
> > > CPSURI.value=http://url.com/
> > >
> > > But can't get the explicitText.value and organization...
> > >
> > > For some reason, those 2 latter options don't appear in the
certificate.
> > >
> > > What could this be?
> > >
> > Dogtag cert policies config is very unfriendly. Without having
> > confirmed, I'm pretty sure you need something like:
> >
> > PoliciesExt.certPolicy0.enable=true
> > PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
> > PoliciesExt.certPolicy0.PolicyQualifiers.num=2
> > PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
> > PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=http://url.com/
> > PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.enable=true
> > PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.explicitText.value=Some
> > text Here
> >
> >
PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.noticeReference.noticeNumbers=1
> >
PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.noticeReference.organization=Company
> > text Here
> >
> > Each policy qualified can be either a CPS URI or a user notice, so
> > if you want both, you need two qualifiers. This is not a
> > restriction in Dogtag, rather it is part of X.509 standard:
> >
> >
> > Qualifier ::= CHOICE {
> > cPSuri CPSuri,
> > userNotice UserNotice }
> >
> > Hope that helps!
> >
> > Cheers,
> > Fraser
> >
2063
days inactive
2068
days old
8 comments
3 participants
participants (3)
-
Fraser Tweedale -
Jonathan Montero -
Marc Sauton