Typical certificate profile configuration includes section configuring ValidityDefault and ValidityConstraint plug-ins.

Sample below shows default configuration included in caUserCert profile (/usr/share/pki/ca/profiles/ca/caUserCert.cfg).

ValidityDefault plug-in configuration in caUserCert.cfg:

ValidityConstraint plug-in configuration in caUserCert.cfg:

Profile needs to be disabled to initiate profile editing.

Here are sample steps:

• Selecting caUserCert profile (Manual User Dual-Use Certificate Enrollment)

• Disabling caUserCert profile (Manual User Dual-Use Certificate Enrollment):

Disabled profile can be edited.

Here are sample steps:

• Selecting caUserCert profile for editing

• Editing caUserCert profile

Review current validity configuration before replacing it with randomized validity plug-in.

Here are sample steps:

• Check current validity defaults

• Check current validity constraints

Delete current validity plug-in.

Here are sample steps:

• Select current validity plug-in

• Confirm validity plug-in removal

• Check if validity plug-in was deleted.

Add randomized validity plug-in.

Here are sample steps:

• Press add button in profile editor

• Select "Randomized Validity Default" and "Validity Constraint"

• Enter "Policy ID"

• Update "Validity Default" configuration

• Update "Validity Constraint" configuration and save configuration updates

• Check new randomized validity plug-in

• Select caUserCert profile (Manual User Dual-Use Certificate Enrollment)

• Approve update caUserCert profile (Manual User Dual-Use Certificate Enrollment)

Sample below shows updated caUserCert profile configuration including randomized validity plug-in;