Description of problem: I don't see a sample profile that contains the EKU OID for Microsoft smartcard login. The OID is 1.3.6.1.4.311.20.2.2. We should have a sample profile that people can use as a starting point for their custom profiles.
I need this for Samba4 testing with smart cards. I have a developer who wants to work on this feature (for Samba), but for me to test his work, I need to set up a dogtag CA for my test network.
Created attachment 333419 The profile example for MS login
Created attachment 333420 The corresponding changes needed to register the new profile in CS.cfg
You will need patches from https://bugzilla.redhat.com/show_bug.cgi?id=481790 and https://bugzilla.redhat.com/show_bug.cgi?id=487592 to work.

To activate,
* put this profile in <install dir>/profiles/ca
* modify the profile to match your env. e.g. the basedn for ldap search, hostname and port, crl distribution point.
* update your CS.cfg to have the profile defs (if you are putting this in existing installation). if you install new from the newest build, you will not need to do any mod here.
* update TPS's CS.cfg to have a profile pointing to this CA enroll profile, e.g.
  op.enroll.userKey.keyGen.signing.ca.profileId=caTokenMSLoginEnrollment

NOTE: It is assumed that you have populated the "upn" in user ldap entries.
already reviewed by awnuk.

$ svn commit conf/CS.cfg profiles/ca/caTokenMSLoginEnrollment.cfg
Sending conf/CS.cfg
Adding profiles/ca/caTokenMSLoginEnrollment.cfg
Transmitting file data ..
Committed revision 258.
Verified: The following profile exists with Extended Key Usage

Certificate Profile Id: caTokenMSLoginEnrollment
Certificate Profile Name: Token User MS Login Certificate Enrollment
Description: This profile is for enrolling MS Login Certificate

p15
This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.4.1.311.20.2.2
No Constraint