Red Hat CERTIFICATE SYSTEM 7.3 - AGENT GUIDE Manual page 34

Chapter 3. CA: Working with Certificate Profiles
Profile Policy Set
userCertSet.4 (Authority Key
Identifier)
userCertSet.5 (AIA extension)
userCertSet.6 (Key Usage)
userCertSet.7 - Extended Key
Usage
userCertSet.8 - Subject Alt
Name Constraint
userCertSet.9 - SigningAlg
The keytype should be RSA.
1
28
Defaults
No defaults
authinfoaccesscritical = false
authinfoaccessADMethod_0=
OID
authinfoaccessADLocation-
Type_0=URIName
authinfoaccessADE-
nable_0=true
authinfoaccessADLocation_0=
Populates a Key Usage exten-
sion (2.5.29.15) to the re-
quest. The default values are as
follows:
Criticality=true
Digital Signature=true
Non-Repudiation=true
Key Encipherment=true
Data Encipherment=false
Key Agreement=false
Key Certificate Sign=false
Key CRL Sign=false
Encipher Only=false
Decipher Only=false
Populates an Extended Key Us-
age extension to the request.
The default values are Crit-
icality=false and
OIDs=1.3.6.1.5.5.7.3.2,
1.3.6.1.5.5.7.3.4.
Populates a Subject Alternative
Name extension (2.5.29.17)
to the request. The default val-
ues are Criticality=false
and Record
#0{Pattern:$request.req
uester_email$,Pattern
Type:RFC822Name,Enable:
true}.
Populates the certificate signing
algorithm. The default value is
Algorithm=SHA1withRSA.
Constraints
No constraints
No constraints
Accepts the Key Usage exten-
sion, if present, only when the
default values are set.
No constraints
No constraints
Accepts only the following sign-
ing algorithms:
SHA1withRSA
SHA256withRSA
SHA512withRSA
MD5withRSA
MD2withRSA