Hi Akshath,
It's very common for Dogtag users to create customized profiles
themselves. So creating two profiles with each tailored to what's needed
is what you need.
The RHCS documentation should cover it. e.g.:
Hope this helps,
Christina
On Fri, Jan 17, 2020 at 8:21 PM Marc Sauton <msauton(a)redhat.com> wrote:
I believe that would be a RFE, because by default, there is only 1
profile
out of the box, called caRouterCert.cfg, for 1 set of the "Key Usage
Extension Constraint", and we would need 2 profiles.
The workaround is to use a third party tool from EPEL, called sscep, it
does exist for Fedora and RHEL-7.
See:
https://access.redhat.com/documentation/en-us/red_hat_certificate_system/...
https://github.com/certnanny/sscep
Thanks,
M.
On Fri, Jan 17, 2020 at 6:51 AM Akshath Hegde <arhsagar(a)gmail.com> wrote:
> Hi,
> I'm trying to enroll my router with dogtag CA through scep. On router I
> have 2 different rsa keypairs, one of which is to be used onyl for signing
> and the other for key encipherment. The router sends scep requests for each
> of these keys and 2 certificates are expected at the end. I need the key
> usage extension from the server for this. I need some help in editing the
> profile for this. I tried editing caRouterCert.cfg file with different
> values for defaults and constraints, but I couldnt see how to get the final
> cert o have just what was in the request. If I put default as true for
> both, then both of them would be in the cert request in both requests sent
> by router, and when its false none would be there. Any help regarding how
> to achieve this would be greatly appreciated
>
> Thanks
> Akshath
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/pki-users
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users