Chapter 2. Making Rules for Issuing Certificates
authorized), the information that is included in the certificate content, and how long the certificate is
valid.
The profile itself is defined in a special .cfg file in the /var/lib/subsystem_name/profiles/ca
directory for the CA. The parameters for this file defining the inputs, outputs, and policy sets are listed
in more detail in Section 2.2.3, "Creating and Editing Certificate Profiles through the Command Line".
A profile usually contains inputs, policy sets, and outputs, as illustrated in the caUserCert profile in
Example 2.1, "Example caUserCert Profile".
The first part of a certificate profile is the description. This shows the name, long description, whether it
is enabled, and who enabled it.
desc=This certificate profile is for enrolling user certificates.
visible=true
enable=true
enableBy=admin
name=Manual User Dual-Use Certificate Enrollment
Next, the profile lists all of the required inputs for the profile:
input.list=i1,i2,i3
input.i1.class_id=keyGenInputImpl
input.i2.class_id=subjectNameInputImpl
input.i3.class_id=submitterInfoInputImpl
For the caUserCert profile, this defines the keys to generate, the fields to use in the subject name,
and the fields to use for the person submitting the certificate.
• Key generation specifies that key pair generation during request submission is CRMF-based,
and provides a drop-down menu to select the key bit size.
• Subject name is used when distinguished name (DN) parameters need to be collected from the
user; the user DN can be used to create the subject name in the certificate.
  • UID (for the user in the LDAP directory)
  • Email
  • Common name
  • Organizational unit
  • Organization
  • Country
• Requester. This input has three form fields:
  • Requester name
  • Requester email
  • Requester phone
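When reviewing which profiles a CA will accept requests through, it helps to check that the description and input sections are consistent. The following is an added example, not code from Certificate System: it parses the caUserCert excerpt shown above and cross-checks input.list against the input.<id>.class_id entries. The function names, the treatment of # lines as comments, and the enableBy check are assumptions of this example.

```python
# Added example: audit the description and input sections of a profile .cfg.
# SAMPLE is the caUserCert excerpt quoted above; helper names are hypothetical.

SAMPLE = """\
desc=This certificate profile is for enrolling user certificates.
visible=true
enable=true
enableBy=admin
name=Manual User Dual-Use Certificate Enrollment
input.list=i1,i2,i3
input.i1.class_id=keyGenInputImpl
input.i2.class_id=subjectNameInputImpl
input.i3.class_id=submitterInfoInputImpl
"""


def parse_profile(text):
    """Parse key=value lines; '#' comment lines are skipped (assumption)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # value may itself contain '='
        if not sep:
            raise ValueError(f"not a key=value line: {raw!r}")
        props[key.strip()] = value.strip()
    return props


def audit_inputs(props):
    """Return (inputs, problems): ordered input classes and inconsistencies."""
    listed = [i.strip() for i in props.get("input.list", "").split(",") if i.strip()]
    inputs, problems = [], []
    for input_id in listed:
        class_id = props.get(f"input.{input_id}.class_id")
        if class_id is None:
            problems.append(f"{input_id} is in input.list but has no class_id")
        else:
            inputs.append((input_id, class_id))
    # Inputs that are defined but never referenced by input.list.
    for key in props:
        parts = key.split(".")
        if len(parts) == 3 and parts[0] == "input" and parts[2] == "class_id":
            if parts[1] not in listed:
                problems.append(f"{parts[1]} has a class_id but is not in input.list")
    # Assumed review rule: an enabled profile should record who enabled it.
    if props.get("enable") == "true" and not props.get("enableBy"):
        problems.append("profile is enabled but enableBy is empty")
    return inputs, problems
```

Calling audit_inputs(parse_profile(SAMPLE)) returns the three input classes in order and an empty problem list; a profile file read from disk can be passed to parse_profile the same way.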
The profile next must define the output, meaning the format of the final certificate. There are several
pre-defined outputs. More than one of these can be used, but none of the values of the output can be
modified.