[Pki-users] Questions on customizing certificate profiles
Andrew Wnuk
awnuk at redhat.com
Fri Apr 9 00:20:31 UTC 2010
As I said before, you can also customize your certificate using agent
approval page. You need to customize profile only for items that cannot
be edited through agent approval UI.
On 04/08/2010 04:52 PM, Arshad Noor wrote:
> However, when I did modify the *.cfg files in the profiles/ca
> directory to customize the extensions, none of the changes were
> picked up. I've only focused on the SHA-2 issue because that
> seemed to be symptomatic of the underlying problem - but the
> real problem is that the entire certificate is not customizable
> in the installation process.
>
> Or, are you suggesting that with the fix compiled in, all the
> profile changes will get included too?
>
> Arshad Noor
> StrongAuth, Inc.
>
> Chandrasekar Kannan wrote:
>> On 04/08/2010 04:33 PM, Arshad Noor wrote:
>>>
>>> However, to follow up on the other issue - the documentation
>>> on RHBA-2009-1602 suggests that only the SHA-2 algorithm issue
>>> can be fixed. Am I still stuck with the renewal method to get
>>> the other certificate extensions fixed - the keyUsages, AIA,
>>> OCSPNoCheck, etc?
>>
>> I don't think so. You should be able to get those customized
>> by editing those profile config files in question before going
>> through the wizard. Sha-2 was a bit hard-coded IIRC , hence it
>> required code changes.
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
More information about the Pki-users
mailing list