Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 1478267 Details for
Bug 1621387
pki ca-profile-add does not add signingAlgsAllowed setting when creating a custom profile
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
custom profile XML
caAgentFoobar.xml (text/plain), 25.06 KB, created by
Sumedh Sidhaye
on 2018-08-23 15:32:35 UTC
(
hide
)
Description:
custom profile XML
Filename:
MIME Type:
Creator:
Sumedh Sidhaye
Created:
2018-08-23 15:32:35 UTC
Size:
25.06 KB
patch
obsolete
><Profile id="caAgentFoobar"> > <classId>caEnrollImpl</classId> > <name>caAgentFoobar Enrollment Profile</name> > <description>This certificate profile is for enrolling user certificates</description> > <enabled>false</enabled> > <visible>true</visible> > <enabledBy/> > <authzAcl/> > <renewal>false</renewal> > <xmlOutput>false</xmlOutput> > <Input id="i1"> > <ClassID>keyGenInputImpl</ClassID> > <Name>Key Generation</Name> > <Attribute name="cert_request_type"> > <Descriptor> > <Syntax>keygen_request_type</Syntax> > <Description>Key Generation Request Type</Description> > </Descriptor> > </Attribute> > <Attribute name="cert_request"> > <Descriptor> > <Syntax>keygen_request</Syntax> > <Description>Key Generation Request</Description> > </Descriptor> > </Attribute> > </Input> > <Input id="i2"> > <ClassID>subjectNameInputImpl</ClassID> > <Name>Subject Name</Name> > <Attribute name="sn_uid"> > <Descriptor> > <Syntax>string</Syntax> > <Description>UID</Description> > </Descriptor> > </Attribute> > <Attribute name="sn_e"> > <Descriptor> > <Syntax>string</Syntax> > <Description>Email</Description> > </Descriptor> > </Attribute> > <Attribute name="sn_cn"> > <Descriptor> > <Syntax>string</Syntax> > <Description>Common Name</Description> > </Descriptor> > </Attribute> > <Attribute name="sn_ou3"> > <Descriptor> > <Syntax>string</Syntax> > <Description>Organizational Unit 3</Description> > </Descriptor> > </Attribute> > <Attribute name="sn_ou2"> > <Descriptor> > <Syntax>string</Syntax> > <Description>Organizational Unit 2</Description> > </Descriptor> > </Attribute> > <Attribute name="sn_ou1"> > <Descriptor> > <Syntax>string</Syntax> > <Description>Organizational Unit 1</Description> > </Descriptor> > </Attribute> > <Attribute name="sn_ou"> > <Descriptor> > <Syntax>string</Syntax> > <Description>Organizational Unit</Description> > </Descriptor> > </Attribute> > <Attribute name="sn_o"> > <Descriptor> > <Syntax>string</Syntax> > <Description>Organization</Description> > </Descriptor> > </Attribute> > <Attribute name="sn_c"> > <Descriptor> > <Syntax>string</Syntax> > <Description>Country</Description> > </Descriptor> > </Attribute> > </Input> > <Input id="i3"> > <ClassID>submitterInfoInputImpl</ClassID> > <Name>Requestor Information</Name> > <Attribute name="requestor_name"> > <Descriptor> > <Syntax>string</Syntax> > <Description>Requestor Name</Description> > </Descriptor> > </Attribute> > <Attribute name="requestor_email"> > <Descriptor> > <Syntax>string</Syntax> > <Description>Requestor Email</Description> > </Descriptor> > </Attribute> > <Attribute name="requestor_phone"> > <Descriptor> > <Syntax>string</Syntax> > <Description>Requestor Phone</Description> > </Descriptor> > </Attribute> > </Input> > <Output id="o1"> > <name>Certificate Output</name> > <classId>certOutputImpl</classId> > <attributes name="pretty_cert"> > <Descriptor> > <Syntax>pretty_print</Syntax> > <Description>Certificate Pretty Print</Description> > </Descriptor> > </attributes> > <attributes name="b64_cert"> > <Descriptor> > <Syntax>pretty_print</Syntax> > <Description>Certificate Base-64 Encoded</Description> > </Descriptor> > </attributes> > </Output> > <PolicySets> > <PolicySet> > <id>pkitest1</id> > <value id="1"> > <def classId="userSubjectNameDefaultImpl" id="Subject Name Default"> > <description>This default populates a User-SuppliedCertificate Subject Name to the request</description> > <policyAttribute name="name"> > <Descriptor> > <Syntax>string</Syntax> > <Description>Subject Name</Description> > <DefaultValue/> > </Descriptor> > </policyAttribute> > </def> > <constraint id="Subject Name Constraint"> > <description>This constraint accepts the subject name that matches UID=.*</description> > <classId>subjectNameConstraintImpl</classId> > <constraint id="pattern"> > <descriptor> > <Syntax>string</Syntax> > <Description>Subject Name Pattern</Description> > </descriptor> > <value>UID=.*</value> > </constraint> > </constraint> > </value> > <value id="2"> > <def classId="noDefaultImpl" id="No Default"> > <description>No Default</description> > </def> > <constraint id="Renewal Grace Period Constraint"> > <description>This constraint rejects the validity that is not between 2 days beforeand 2 days after original cert expiration date days.</description> > <classId>renewGracePeriodConstraintImpl</classId> > <constraint id="renewal.graceBefore"> > <descriptor> > <Syntax>integer</Syntax> > <Description>Renewal Grace Period Before</Description> > <DefaultValue>2</DefaultValue> > </descriptor> > <value>2</value> > </constraint> > <constraint id="renewal.graceAfter"> > <descriptor> > <Syntax>integer</Syntax> > <Description>Renewal Grace Period After</Description> > <DefaultValue>2</DefaultValue> > </descriptor> > <value>2</value> > </constraint> > </constraint> > </value> > <value id="3"> > <def classId="validityDefaultImpl" id="Validity Default"> > <description>This default populates a CertificateValidity to the request. The default values are Range=180 in days</description> > <policyAttribute name="notBefore"> > <Descriptor> > <Syntax>string</Syntax> > <Description>Not Before</Description> > <DefaultValue/> > </Descriptor> > </policyAttribute> > <policyAttribute name="notAfter"> > <Descriptor> > <Syntax>string</Syntax> > <Description>Not After</Description> > <DefaultValue/> > </Descriptor> > </policyAttribute> > <params name="range"> > <value>1</value> > </params> > <params name="rangeUnit"> > <value>minute</value> > </params> > <params name="startTime"> > <value>0</value> > </params> > </def> > <constraint id="Validity Constraint"> > <description>This constraint rejects the validity that is not between 15 days.</description> > <classId>validityConstraintImpl</classId> > <constraint id="range"> > <descriptor> > <Syntax>integer</Syntax> > <Description>Validity Range (in days)</Description> > <DefaultValue>1</DefaultValue> > </descriptor> > <value>15</value> > </constraint> > <constraint id="notBeforeGracePeriod"> > <descriptor> > <Syntax>integer</Syntax> > <Description>Grace period for Not Before being set in the future (in seconds).</Description> > <DefaultValue>0</DefaultValue> > </descriptor> > <value/> > </constraint> > <constraint id="notBeforeCheck"> > <descriptor> > <Syntax>boolean</Syntax> > <Description>Check Not Before against current time</Description> > <DefaultValue>false</DefaultValue> > </descriptor> > <value>false</value> > </constraint> > <constraint id="notAfterCheck"> > <descriptor> > <Syntax>boolean</Syntax> > <Description>Check Not After against Not Before</Description> > <DefaultValue>false</DefaultValue> > </descriptor> > <value>false</value> > </constraint> > </constraint> > </value> > <value id="4"> > <def classId="extendedKeyUsageExtDefaultImpl" id="Extended Key Usage Extension Default"> > <description>This default populates an Extended Key Usage Extension () to the request.The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4</description> > <policyAttribute name="exKeyUsageCritical"> > <Descriptor> > <Syntax>boolean</Syntax> > <Description>Criticality</Description> > <DefaultValue>false</DefaultValue> > </Descriptor> > </policyAttribute> > <policyAttribute name="exKeyUsageOIDs"> > <Descriptor> > <Syntax>string_list</Syntax> > <Description>Comma-Separated list of Object Identifiers</Description> > <DefaultValue>false</DefaultValue> > </Descriptor> > </policyAttribute> > <params name="exKeyUsageCritical"> > <value>false</value> > </params> > <params name="exKeyUsageOIDs"> > <value>1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4</value> > </params> > </def> > <constraint id="No Constraint"> > <description>No Constraint</description> > <classId>noConstraintImpl</classId> > </constraint> > </value> > <value id="5"> > <def classId="subjectAltNameExtDefaultImpl" id="Subject Alt Name Constraint"> > <description>This default populates a Subject Alternative Name Extension (2.5.29.17) to the request.The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}</description> > <policyAttribute name="subjAltNameExtCritical"> > <Descriptor> > <Syntax>boolean</Syntax> > <Description>Criticality</Description> > <DefaultValue>false</DefaultValue> > </Descriptor> > </policyAttribute> > <policyAttribute name="subjAltNames"> > <Descriptor> > <Syntax>string_list</Syntax> > <Description>General Names</Description> > <DefaultValue/> > </Descriptor> > </policyAttribute> > <params name="subjAltNameExtCritical"> > <value>false</value> > </params> > <params name="subjAltNameNumGNs"> > <value>1</value> > </params> > <params name="subjAltExtType_0"> > <value>RFC822Name</value> > </params> > <params name="subjAltExtPattern_0"> > <value>$request.requestor_email$</value> > </params> > <params name="subjAltExtGNEnable_0"> > <value>true</value> > </params> > </def> > <constraint id="No Constraint"> > <description>No Constraint</description> > <classId>noConstraintImpl</classId> > </constraint> > </value> > <value id="6"> > <def classId="userKeyDefaultImpl" id="Key Default"> > <description>This default populates a User-Supplied Certificate Key to the request</description> > <policyAttribute name="TYPE"> > <Descriptor> > <Syntax>string</Syntax> > <Constraint>readonly</Constraint> > <Description>Key Type</Description> > <DefaultValue/> > </Descriptor> > </policyAttribute> > <policyAttribute name="LEN"> > <Descriptor> > <Syntax>string</Syntax> > <Constraint>readonly</Constraint> > <Description>Key Length</Description> > <DefaultValue/> > </Descriptor> > </policyAttribute> > <policyAttribute name="KEY"> > <Descriptor> > <Syntax>string</Syntax> > <Constraint>readonly</Constraint> > <Description>Key</Description> > <DefaultValue/> > </Descriptor> > </policyAttribute> > </def> > <constraint id="Key Constraint"> > <description>This constraint accepts the key only if Key Type=-, Key Parameters =1024,2048,3072,4096,nistp256,nistp384,nistp521</description> > <classId>keyConstraintImpl</classId> > <constraint id="keyType"> > <descriptor> > <Syntax>choice</Syntax> > <Constraint>-,RSA,EC</Constraint> > <Description>Key Type</Description> > <DefaultValue>RSA</DefaultValue> > </descriptor> > <value>-</value> > </constraint> > <constraint id="keyParameters"> > <descriptor> > <Syntax>string</Syntax> > <Description>Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or:nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.</Description> > </descriptor> > <value>1024,2048,3072,4096,nistp256,nistp384,nistp521</value> > </constraint> > </constraint> > </value> > <value id="7"> > <def classId="authorityKeyIdentifierExtDefaultImpl" id="Authority Key Identifier Default"> > <description>This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.</description> > <policyAttribute name="critical"> > <Descriptor> > <Syntax>string</Syntax> > <Constraint>readonly</Constraint> > <Description>Criticality</Description> > <DefaultValue/> > </Descriptor> > </policyAttribute> > <policyAttribute name="keyid"> > <Descriptor> > <Syntax>string</Syntax> > <Constraint>readonly</Constraint> > <Description>Key ID</Description> > <DefaultValue/> > </Descriptor> > </policyAttribute> > </def> > <constraint id="No Constraint"> > <description>No Constraint</description> > <classId>noConstraintImpl</classId> > </constraint> > </value> > <value id="8"> > <def classId="authInfoAccessExtDefaultImpl" id="AIA Extension Default"> > <description>This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false,Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}</description> > <policyAttribute name="authInfoAccessCritical"> > <Descriptor> > <Syntax>boolean</Syntax> > <Description>Criticality</Description> > <DefaultValue>false</DefaultValue> > </Descriptor> > </policyAttribute> > <policyAttribute name="authInfoAccessGeneralNames"> > <Descriptor> > <Syntax>string_list</Syntax> > <Description>General Names</Description> > <DefaultValue/> > </Descriptor> > </policyAttribute> > <params name="authInfoAccessCritical"> > <value>false</value> > </params> > <params name="authInfoAccessNumADs"> > <value>1</value> > </params> > <params name="authInfoAccessADMethod_0"> > <value>1.3.6.1.5.5.7.48.1</value> > </params> > <params name="authInfoAccessADLocationType_0"> > <value>URIName</value> > </params> > <params name="authInfoAccessADLocation_0"> > <value></value> > </params> > <params name="authInfoAccessADEnable_0"> > <value>true</value> > </params> > </def> > <constraint id="No Constraint"> > <description>No Constraint</description> > <classId>noConstraintImpl</classId> > </constraint> > </value> > <value id="9"> > <def classId="keyUsageExtDefaultImpl" id="Key Usage Default"> > <description>This default populates a Key Usage Extension (2.5.29.15) to the request,The default values are Criticality=true Digital Signature=true,Non-Repudiation=true,Key Encipherment=true, Data Encipherment=false, Key Agreement=falseKey Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false</description> > <policyAttribute name="keyUsageCritical"> > <Descriptor> > <Syntax>boolean</Syntax> > <Description>Criticality</Description> > <DefaultValue>false</DefaultValue> > </Descriptor> > </policyAttribute> > <policyAttribute name="keyUsageDigitalSignature"> > <Descriptor> > <Syntax>boolean</Syntax> > <Description>Digital Signature</Description> > <DefaultValue>false</DefaultValue> > </Descriptor> > </policyAttribute> > <policyAttribute name="keyUsageNonRepudiation"> > <Descriptor> > <Syntax>boolean</Syntax> > <Description>Non-Repudiation</Description> > <DefaultValue>false</DefaultValue> > </Descriptor> > </policyAttribute> > <policyAttribute name="keyUsageKeyEncipherment"> > <Descriptor> > <Syntax>boolean</Syntax> > <Description>Key Encipherment</Description> > <DefaultValue>false</DefaultValue> > </Descriptor> > </policyAttribute> > <policyAttribute name="keyUsageDataEncipherment"> > <Descriptor> > <Syntax>boolean</Syntax> > <Description>Data Encipherment</Description> > <DefaultValue>false</DefaultValue> > </Descriptor> > </policyAttribute> > <policyAttribute name="keyUsageKeyAgreement"> > <Descriptor> > <Syntax>boolean</Syntax> > <Description>Key Agreement</Description> > <DefaultValue>false</DefaultValue> > </Descriptor> > </policyAttribute> > <policyAttribute name="keyUsageKeyCertSign"> > <Descriptor> > <Syntax>boolean</Syntax> > <Description>Key CertSign</Description> > <DefaultValue>false</DefaultValue> > </Descriptor> > </policyAttribute> > <policyAttribute name="keyUsageCrlSign"> > <Descriptor> > <Syntax>boolean</Syntax> > <Description>CRL Sign</Description> > <DefaultValue>false</DefaultValue> > </Descriptor> > </policyAttribute> > <policyAttribute name="keyUsageEncipherOnly"> > <Descriptor> > <Syntax>boolean</Syntax> > <Description>Encipher Only</Description> > <DefaultValue>false</DefaultValue> > </Descriptor> > </policyAttribute> > <policyAttribute name="keyUsageDecipherOnly"> > <Descriptor> > <Syntax>boolean</Syntax> > <Description>Decipher Only</Description> > <DefaultValue>false</DefaultValue> > </Descriptor> > </policyAttribute> > <params name="keyUsageCritical"> > <value>true</value> > </params> > <params name="keyUsageDigitalSignature"> > <value>true</value> > </params> > <params name="keyUsageNonRepudiation"> > <value>true</value> > </params> > <params name="keyUsageKeyEncipherment"> > <value>true</value> > </params> > <params name="keyUsageDataEncipherment"> > <value>false</value> > </params> > <params name="keyUsageKeyAgreement"> > <value>false</value> > </params> > <params name="keyUsageKeyCertSign"> > <value>false</value> > </params> > <params name="keyUsageCrlSign"> > <value>false</value> > </params> > <params name="keyUsageEncipherOnly"> > <value>false</value> > </params> > <params name="keyUsageDecipherOnly"> > <value>false</value> > </params> > </def> > <constraint id="Key Usage Extension Constraint"> > <description>This constraint accepts the Key Usage extension, if present,only when Criticality=true, Digital Signature=true,Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false,'Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false</description> > <classId>keyUsageExtConstraintImpl</classId> > <constraint id="keyUsageCritical"> > <descriptor> > <Syntax>choice</Syntax> > <Constraint>true,false,-</Constraint> > <Description>Criticality</Description> > <DefaultValue>-</DefaultValue> > </descriptor> > <value>true</value> > </constraint> > <constraint id="keyUsageDigitalSignature"> > <descriptor> > <Syntax>choice</Syntax> > <Constraint>true,false,-</Constraint> > <Description>Digital Signature</Description> > <DefaultValue>-</DefaultValue> > </descriptor> > <value>true</value> > </constraint> > <constraint id="keyUsageNonRepudiation"> > <descriptor> > <Syntax>choice</Syntax> > <Constraint>true,false,-</Constraint> > <Description>Non-Repudiation</Description> > <DefaultValue>-</DefaultValue> > </descriptor> > <value>true</value> > </constraint> > <constraint id="keyUsageKeyEncipherment"> > <descriptor> > <Syntax>choice</Syntax> > <Constraint>true,false,-</Constraint> > <Description>Key Encipherment</Description> > <DefaultValue>-</DefaultValue> > </descriptor> > <value>true</value> > </constraint> > <constraint id="keyUsageDataEncipherment"> > <descriptor> > <Syntax>choice</Syntax> > <Constraint>true,false,-</Constraint> > <Description>Data Encipherment</Description> > <DefaultValue>-</DefaultValue> > </descriptor> > <value>false</value> > </constraint> > <constraint id="keyUsageKeyAgreement"> > <descriptor> > <Syntax>choice</Syntax> > <Constraint>true,false,-</Constraint> > <Description>Key Agreement</Description> > <DefaultValue>-</DefaultValue> > </descriptor> > <value>false</value> > </constraint> > <constraint id="keyUsageKeyCertSign"> > <descriptor> > <Syntax>choice</Syntax> > <Constraint>true,false,-</Constraint> > <Description>Key CertSign</Description> > <DefaultValue>-</DefaultValue> > </descriptor> > <value>false</value> > </constraint> > <constraint id="keyUsageCrlSign"> > <descriptor> > <Syntax>choice</Syntax> > <Constraint>true,false,-</Constraint> > <Description>CRL Sign</Description> > <DefaultValue>-</DefaultValue> > </descriptor> > <value>false</value> > </constraint> > <constraint id="keyUsageEncipherOnly"> > <descriptor> > <Syntax>choice</Syntax> > <Constraint>true,false,-</Constraint> > <Description>Encipher Only</Description> > <DefaultValue>-</DefaultValue> > </descriptor> > <value>false</value> > </constraint> > <constraint id="keyUsageDecipherOnly"> > <descriptor> > <Syntax>choice</Syntax> > <Constraint>true,false,-</Constraint> > <Description>Decipher Only</Description> > <DefaultValue>-</DefaultValue> > </descriptor> > <value>false</value> > </constraint> > </constraint> > </value> > <value id="10"> > <def classId="signingAlgDefaultImpl" id="Signing Alg"> > <description>This default populates the Certificate Signing Algorithm.The default values are Algorithm=SHA512withRSA</description> > <policyAttribute name="signingAlg"> > <Descriptor> > <Syntax>choice</Syntax> > <Constraint>SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA</Constraint> > <Description>Signing Algorithm</Description> > <DefaultValue/> > </Descriptor> > </policyAttribute> > <params name="signingAlg"> > <value>-</value> > </params> > </def> > <constraint id="No Constraint"> > <description>This constraint accepts only the Signing Algorithms of SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC</description> > <classId>signingAlgConstraintImpl</classId> > <constraint id="signingAlgsAllowed"> > <descriptor> > <Syntax>string</Syntax> > <Description>Allowed Signing Algorithms</Description> > <DefaultValue>SHA1withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC</DefaultValue> > </descriptor> > <value>SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC</value> > </constraint> > </constraint> > </value> > </PolicySet> > </PolicySets> ></Profile>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1478267">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1621387
: 1478267 |
1478268