Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 87

X500Name.NEW_ATTRNAME.oid=n.n.n.n
X500Name.NEW_ATTRNAME.class=string_to_DER_value_converter_class
The value converter class converts a string to an ASN.1 value; this class must implement the
netscape.security.x509.AVAValueConverter interface. The string-to-value converter class
can be one of the following:
• netscape.security.x509.PrintableConverter converts a string to a PrintableString
value. The string must have only printable characters.
• netscape.security.x509.IA5StringConverter converts a string to an IA5String value.
The string must have only IA5String characters.
• netscape.security.x509.DirStrConverter converts a string to a DirectoryString. The
string is expected to be in DirectoryString format according to RFC 2253.
• netscape.security.x509.GenericValueConverter converts a string character by character
in the following order, from the smallest characterset to the largest:
• Printable
• IA5String
• BMPString
• Universal String
An attribute entry looks like the following:
X500Name.MY_ATTR.oid=1.2.3.4.5.6
X500Name.MY_ATTR.class=netscape.security.x509.DirStrConverter
2.7.2.1. Adding New or Custom Attributes
To add a new or proprietary attribute to the Certificate System schema, do the following:
1. Stop the Certificate Manager.
service pki-ca stop
2. Open the /var/lib/pki-ca/conf directory.
3. Open the configuration file, CS.cfg.
4. Add the new attributes to the configuration file.
For example, to add three proprietary attributes, MYATTR1 that is a DirectoryString, MYATTR2
that is an IA5String, and MYATTR3 that is a PrintableString, add the following lines at the
end of the configuration file:
X500Name.attr.MYATTR1.oid=1.2.3.4.5.6
X500Name.attr.MYATTR1.class=netscape.security.x509.DirStrConverter
Changing DN Attributes in CA-Issued Certificates
65