Thanks for your answer, but no, it didn't work... I got a Java error when I try to approve the certificate, meaning that something is wrong with the configuration.

To be a good config I had to take all those 1 to 0 back again.

Jonathan Montero

On Sun, Apr 28, 2019 at 9:19 PM Fraser Tweedale <ftwee...@redhat.com> wrote:

> On Wed, Apr 24, 2019 at 12:21:23AM -0400, Jonathan Montero wrote:
> > Hi, I'm having an issue regarding the certificates policies.
> >
> > It is as follows...
> > policyset.caCertSet.p7.constraint.class_id=noConstraintImpl
> > policyset.caCertSet.p7.constraint.name=No Constraint
> > policyset.caCertSet.p7.default.class_id=certificatePoliciesExtDefaultImpl
> > policyset.caCertSet.p7.default.name=Certificate Policies Extension Default
> > policyset.caCertSet.p7.default.params.Critical=true
> > policyset.caCertSet.p7.default.params.PoliciesExt.num=1
> > policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.enable=true
> > policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
> > policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
> > policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=http://url.com/
> > policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=true
> > policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=Some Text Here
> > policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=1
> > policyset.caCertSet.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=Company text Here
> >
> > So, with this configuration I got not all the result I want, don't know
> > why....
> >
> > I obtain
> > policyId=1.3.6.1.4.1.6.1.1.1.1
> >
> > Also
> > CPSURI.value=http://url.com/
> >
> > But can't get the explicitText.value and organization...
> >
> > For some reason, those 2 latter options don't appear in the certificate.
> >
> > What could this be?
> >
> Dogtag cert policies config is very unfriendly. Without having
> confirmed, I'm pretty sure you need something like:
>
> PoliciesExt.certPolicy0.enable=true
> PoliciesExt.certPolicy0.policyId=1.3.6.1.4.1.6.1.1.1.1
> PoliciesExt.certPolicy0.PolicyQualifiers.num=2
> PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
> PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=http://url.com/
> PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.enable=true
> PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.explicitText.value=Some text Here
> PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.noticeReference.noticeNumbers=1
> PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.noticeReference.organization=Company text Here
>
> Each policy qualifier can be either a CPS URI or a user notice, so
> if you want both, you need two qualifiers. This is not a
> restriction in Dogtag, rather it is part of the X.509 standard:
>
>   Qualifier ::= CHOICE {
>       cPSuri      CPSuri,
>       userNotice  UserNotice }
>
> Hope that helps!
>
> Cheers,
> Fraser
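The following is an added example, not part of the thread and not Dogtag code: a small pre-flight lint that reads profile text and flags any `PolicyQualifiersN` index that enables both `CPSURI` and `usernotice`, which cannot fit the X.509 `Qualifier` CHOICE quoted above. The function name and the rule that indexes run from 0 to `PolicyQualifiers.num` minus 1 are assumptions; it checks layout only and does not tell you whether Dogtag will accept the profile.

```python
import re
from collections import defaultdict

# Constructed samples using the key names quoted in the thread.
ORIGINAL = """\
PoliciesExt.num=1
PoliciesExt.certPolicy0.enable=true
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=true
"""
SPLIT = """\
PoliciesExt.certPolicy0.PolicyQualifiers.num=2
PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
PoliciesExt.certPolicy0.PolicyQualifiers1.usernotice.enable=true
"""

ENABLE = re.compile(r"certPolicy(\d+)\.PolicyQualifiers(\d+)\.(CPSURI|usernotice)\.enable$")
COUNT = re.compile(r"certPolicy(\d+)\.PolicyQualifiers\.num$")


def lint_policy_qualifiers(profile_text):
    """Return findings for qualifier entries that cannot map to one X.509 Qualifier."""
    kinds = defaultdict(set)   # (policy index, qualifier index) -> enabled kinds
    declared = {}              # policy index -> PolicyQualifiers.num value
    for raw in profile_text.splitlines():
        key, sep, value = raw.strip().partition("=")
        key, value = key.strip(), value.strip()
        if not sep or key.startswith("#"):
            continue
        m = ENABLE.search(key)
        if m and value.lower() == "true":
            kinds[(int(m.group(1)), int(m.group(2)))].add(m.group(3))
        m = COUNT.search(key)
        if m and value.isdigit():
            declared[int(m.group(1))] = int(value)
    findings = []
    for (policy, qual), enabled in sorted(kinds.items()):
        name = f"certPolicy{policy}.PolicyQualifiers{qual}"
        if len(enabled) > 1:
            findings.append(f"{name}: CPSURI and usernotice both enabled; Qualifier is a CHOICE of one")
        # Assumption: indexes run 0..num-1, as PoliciesExt.num=1 with certPolicy0 suggests.
        if policy in declared and qual >= declared[policy]:
            findings.append(f"{name}: index not covered by PolicyQualifiers.num={declared[policy]}")
    return findings


if __name__ == "__main__":
    for label, text in (("original", ORIGINAL), ("split", SPLIT)):
        print(label, lint_policy_qualifiers(text) or "no findings")
```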