Dear Marcin, thank you for the reply.
I have tried the same with the UserCert profile. But didn't work for me. Anyway I'll give another try. Kamal On Tue, Apr 5, 2016 at 4:07 PM, marcin kowalski <[email protected]> wrote: > I did something like this, a while ago, on DogTag. Seems to work for me. > > > I did that on server certificate profile ; so you may need to adjust it a > bit. > > /var/lib/pki/<instance>/ca/profiles/ca/caServerCert.cfg > ================================================ > policyset.serverCertSet.5.constraint.class_id=noConstraintImpl > policyset.serverCertSet.5.constraint.name=No Constraint > policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl > policyset.serverCertSet.5.default.name=AIA Extension Default > > <!-- this is the default OCSP entry, configured elsewhere in your pki > instance, i just left it here --> > policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true > > policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName > policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0= > > policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 > policyset.serverCertSet.5.default.params.authInfoAccessCritical=false > > <!-- these are custom entries --> > policyset.serverCertSet.5.default.params.authInfoAccessADEnable_1=true > > policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_1=URIName > policyset.serverCertSet.5.default.params.authInfoAccessADLocation_1= > http://server1/root.crt > > policyset.serverCertSet.5.default.params.authInfoAccessADMethod_1=1.3.6.1.5.5.7.48.2 > > policyset.serverCertSet.5.default.params.authInfoAccessADEnable_2=true > > policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_2=URIName > policyset.serverCertSet.5.default.params.authInfoAccessADLocation_2= > http://server2/root.crt > > policyset.serverCertSet.5.default.params.authInfoAccessADMethod_2=1.3.6.1.5.5.7.48.2 > > > <!-- adjust as necessary the amount of entries here --> > policyset.serverCertSet.5.default.params.authInfoAccessCritical=false > policyset.serverCertSet.5.default.params.authInfoAccessNumADs=3 > > > > After that, restart your instance and review the certificate request in > agent. Hope it works fine. > > > 2016-04-01 15:08 GMT+02:00 Kamal Perera <[email protected]>: > >> Dear All, >> >> Hope you guys are doing great. >> >> I just want to know how to configure the user certificate profile to have >> both OCSP URL and CA ISSUERs certificate URL to be present in the >> certificate. >> >> Thanks. >> Kaml >> >> _______________________________________________ >> Pki-users mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/pki-users >> > >
_______________________________________________ Pki-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-users
