Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual page 152

Chapter 4. Certificate Manager
3. Open the configuration file, CS.cfg.
4. Add the new attributes to the configuration file.
For example, to add three proprietary attributes, MYATTR1 that is a DirectoryString, MYATTR2
that is an IA5String, and MYATTR3 that is a PrintableString, add the following lines at the
end of the configuration file:
X500Name.attr.MYATTR1.oid=1.2.3.4.5.6
X500Name.attr.MYATTR1.class=netscape.security.x509.DirStrConverter
X500Name.attr.MYATTR2.oid=11.22.33.44.55.66
X500Name.attr.MYATTR2.class=netscape.security.x509.IA5StringConverter
X500Name.attr.MYATTR3.oid=111.222.333.444.555.666
X500Name.attr.MYATTR3.class=netscape.security.x509.PrintableConverter
5. Save the changes, and close the file.
6. Restart the Certificate Manager.
/etc/init.d/rhpki-ca start
7. Reload the enrollment page and verify the changes; the new attributes should show up in the form.
8. To verify that the new attributes are in effect, request a certificate using the manual enrollment
form.
Enter values for the new attributes so that it can be verified that they appear in the certificate
subject names. For example, enter the following values for the new attributes and look for them in
the subject name:
MYATTR1: a_value
MYATTR2: a.Value
MYATTR3: aValue
cn: John Doe
o: Example Corporation
9. Open the agent services page, and approve the request.
10. When the certificate is issued, check the subject name. The certificate should show the new
attribute values in the subject name.
4.12.1.2. Changing the DER-Encoding Order
It is possible to change the DER-encoding order of a DirectoryString, so that the string is
configurable since different clients support different encodings.
The syntax for changing the DER-encoding order of a DirectoryString is as follows:
X500Name.dirStringEncodingOrder=encoding_list_separated_by_commas
The possible encoding values are as follows:
130