Extending Attribute Support - Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual

Attribute
unstructuredaddress
Table 4.3. Allowed Characters for Value Types

4.12.1. Extending Attribute Support

By default, the Certificate System supports the attributes identified in
for Value Types". This list of supported attributes can be extended by creating or adding new
attributes. The syntax for adding additional X.500Name attributes, or components, is as follows:
X500Name.NEW_ATTRNAME.oid=n.n.n.n
X500Name.NEW_ATTRNAME.class=string_to_DER_value_converter_class
The value converter class converts a string to an ASN.1 value; this class must implement the
netscape.security.x509.AVAValueConverter interface. The string-to-value converter class
can be one of the following:
• netscape.security.x509.PrintableConverter converts a string to a PrintableString
value. The string must have only printable characters.
• netscape.security.x509.IA5StringConverter converts a string to an IA5String value.
The string must have only IA5String characters.
• netscape.security.x509.DirStrConverter converts a string to a DirectoryString. The
string is expected to be in DirectoryString format according to RFC 2253.
• netscape.security.x509.GenericValueConverter converts a string character by character
in the following order, from the smallest characterset to the largest:
• Printable
• IA5String
• BMPString
• Universal String
An attribute entry looks like the following:
X500Name.MY_ATTR.oid=1.2.3.4.5.6
X500Name.MY_ATTR.class=netscape.security.x509.DirStrConverter
4.12.1.1. Adding New or Proprietary Attributes
To add a new or proprietary attribute to the Certificate System schema, do the following:
1. Stop the Certificate Manager.
/etc/init.d/rhpki-ca stop
2. Open the /var/lib/rhpki-ca/conf directory.
Value Type
PrintableString
Extending Attribute Support
Object Identifier
1.2.840.113549.1.9.8
Table 4.3, "Allowed Characters
129