Example Profile - Red Hat CERTIFICATE SYSTEM 7.2 - AGENT GUIDE Manual

Profile ID
Table 2.1. List of Certificate Profiles

3.1. Example Profile

An example caUserCert profile, as shipped with the server, is described here. A profile usually contains inputs, policy
sets, and outputs. The default caUserCert certificate profile contains the following:
• Profile description.
This profile is for issuing user, or client, certificates.
• Profile inputs.
• Key generation. This sets that the key pair generation during the request submission is CRMF-based and 1024-bit.
This is a read-only field.
• Subject name. The subject name input is used when distinguished name (DN) parameters need to be collected from
the user; the user DN can be used to create the subject name in the certificate. This input uses the following form
fields:
• UID. The user ID of the user in the LDAP directory.
• Email. The email address of the user.
• Common name. The name of the user.
• Organizational unit. The organizational unit to which the user belongs.
• Organization. The organization name.
• Country. The country where the user is located.
• Requester. This input uses the following form fields:
• Requester name. The name of the certificate requester.
• Requester email. The email address of the certificate requester.
• Requester phone. The phone number of the certificate requester.
• Profile policy sets.
The different policy sets that are set by default on caUserCert are listed in Table 2.2, "caUserCert - Profile Policy
Sets".
Profile Policy Set
set1 - SubjectName
set2 - Validity
set3 - Key
3.1. Example Profile
Profile Name
ment
Defaults
No defaults
range = 180 days
No defaults
14
Description
ing smart card-based enrollments initi-
ated through the TPS server for sign-
ing certificates.
Constraints
Subject name should match the
regular expression of the form
uid=.*.
The range is less than 365 days.
The notbefore and notafter
date checks are turned off.
keytype = RSA
Chapter 2. CA: Working with Certificate