Red Hat Bugzilla – Bug 442836
Need sample profile with EKU for Microsoft smartcard login
Last modified: 2015-01-04 18:31:58 EST
Description of problem:
I don't see a sample profile that contains the EKU OID for Microsoft smartcard
login. The OID is 188.8.131.52.4.3184.108.40.206
We should have a sample profile that people can use as a starting point for
their custom profiles.
I need this for Samba4 testing with smart cards. I have a developer who wants
to work on this feature (for Samba), but for me to test his work, I need to
setup a dogtag CA for my test network.
Created attachment 333419 [details]
The profile example for MS login
Created attachment 333420 [details]
The corresponding changes needed to register the new profile in CS.cfg
You will need patches from
* put this profile in <install dir>/profiles/ca
* modify the profile to match your env. e.g. the basedn for ldap search, hostname and port, crl distribution point.
* update your CS.cfg to have the profile defs (if you are putting this in existin g installation).. if you install new from the newest build, you will not need to do any mod here.
* update TPS's CS.cfg to have a profile pointing to this CA enroll profile,
It is assumed that you have populated the "upn" in user ldap entries.
already reviewed by awnuk.
$ svn commit conf/CS.cfg profiles/ca/caTokenMSLoginEnrollment.cfg
Transmitting file data ..
Committed revision 258.
The following profile exists with Extended Key Usage
Certificate Profile Id: caTokenMSLoginEnrollment
Certificate Profile Name: Token User MS Login Certificate Enrollment
Description: This profile is for enrolling MS Login Certificate
This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=220.127.116.11.18.104.22.168.2,22.214.171.124.4.1.3126.96.36.199