Chapter 2. CA: Working with Certificate Profiles
Next, the profile must define the output, meaning the format of the final certificate. There are several
pre-defined outputs. More than one of these can be used, but none of the values of the output can be
modified.
output.list=o1
output.o1.class_id=certOutputImpl
For caUserCert, the output displays the certificate in pretty print format. This output needs to be
specified for any automated enrollment. Once a user successfully authenticates using the automated
enrollment method and is authorized to receive the certificate, the certificate is automatically
generated, and this output page is returned to the user. In an agent-approved enrollment, the user can
get the certificate, once it is issued, by providing the request ID in the CA end entities page.
The last, and largest, block of configuration is the policy set for the profile. Policy sets list all of the
settings that are applied to the final certificate, like its validity period, its renewal settings, and the
actions the certificate can be used for. The policyset.list parameter identifies the block name
of the policies applied to the certificate; the policyset.userCertSet.list parameter lists the individual
policies to apply.
For example, the sixth policy populates the Key Usage Extension automatically in the certificate,
according to the configuration in the policy. It sets the defaults and requires the certificate to use those
defaults by setting the constraints:
policyset.list=userCertSet
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
...
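A consistency check for the output.list and policyset list parameters described above, as an added example that is not part of the original guide or of Certificate System itself. It assumes every policy carries both a default.class_id and a constraint.class_id entry and that a policy missing from the list is not applied; lint_profile and the sample profile are constructed for illustration.

```python
import re

# Constructed sample, not a complete caUserCert profile: policy 6 lacks its
# constraint, policy 9 is listed but undefined, policy 7 is defined but unlisted.
SAMPLE_PROFILE = """\
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=userCertSet
policyset.userCertSet.list=2,6,9
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
"""

def parse(text):
    """Read key=value lines into a dict, skipping blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def ids(cfg, key):
    """Split a comma-separated *.list value into its IDs."""
    return [v.strip() for v in cfg.get(key, "").split(",") if v.strip()]

def lint_profile(text):
    """Return findings where a list parameter and its definitions disagree."""
    cfg, findings = parse(text), []
    for out in ids(cfg, "output.list"):
        if f"output.{out}.class_id" not in cfg:
            findings.append(f"output {out}: listed but has no class_id")
    for pset in ids(cfg, "policyset.list"):
        listed = ids(cfg, f"policyset.{pset}.list")
        for pid in listed:
            for part in ("default", "constraint"):  # assumed: both are required
                if f"policyset.{pset}.{pid}.{part}.class_id" not in cfg:
                    findings.append(f"{pset}.{pid}: missing {part}.class_id")
        pat = re.compile(rf"policyset\.{re.escape(pset)}\.([^.]+)\.(?:default|constraint)\.")
        defined = {m.group(1) for k in cfg if (m := pat.match(k))}
        for pid in sorted(defined - set(listed)):
            findings.append(f"{pset}.{pid}: defined but not listed")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_profile(SAMPLE_PROFILE)))
```

Running the check against a profile before it is enabled catches a policy, such as a Key Usage constraint, that was defined but never takes effect because its ID is missing from the list.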