Exporting Certificate Profile - dogtagpki/pki GitHub Wiki
This page describes the process to export a certificate profile from the CA.
To export the profile configuration into XML format:
```
$ pki -n caadmin ca-profile-show caUserCert --output caUserCert.xml
--------------------
Profile "caUserCert"
--------------------
------------------------------------------
Saved profile caUserCert to caUserCert.xml
------------------------------------------
```
The output file will look like the following:
```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Profile xmlns:ns2="http://www.w3.org/2005/Atom" id="caUserCert">
    <classId>caEnrollImpl</classId>
    <name>Manual User Dual-Use Certificate Enrollment</name>
    <description>This certificate profile is for enrolling user certificates.</description>
    <enabled>true</enabled>
    <visible>true</visible>
    <enabledBy>caadmin</enabledBy>
    <authzAcl></authzAcl>
    <renewal>false</renewal>
    <xmlOutput>false</xmlOutput>
    <Input id="i1">
        <ClassID>keyGenInputImpl</ClassID>
        <Name>Key Generation</Name>
        <Attribute name="cert_request_type">
            <Descriptor>
                <Syntax>keygen_request_type</Syntax>
                <Description>Key Generation Request Type</Description>
            </Descriptor>
        </Attribute>
        <Attribute name="cert_request">
            <Descriptor>
                <Syntax>keygen_request</Syntax>
                <Description>Key Generation Request</Description>
            </Descriptor>
        </Attribute>
    </Input>
    ...
    <Output id="o1">
        <name>Certificate Output</name>
        <classId>certOutputImpl</classId>
        <attributes name="pretty_cert">
            <Descriptor>
                <Syntax>pretty_print</Syntax>
                <Description>Certificate Pretty Print</Description>
            </Descriptor>
        </attributes>
        <attributes name="b64_cert">
            <Descriptor>
                <Syntax>pretty_print</Syntax>
                <Description>Certificate Base-64 Encoded</Description>
            </Descriptor>
        </attributes>
    </Output>
    <PolicySets>
        <PolicySet>
            <id>userCertSet</id>
            <value id="1">
                <def id="Subject Name Default" classId="userSubjectNameDefaultImpl">
                    <description>This default populates a User-Supplied Certificate Subject Name to the request.</description>
                    <policyAttribute name="name">
                        <Descriptor>
                            <Syntax>string</Syntax>
                            <Description>Subject Name</Description>
                        </Descriptor>
                    </policyAttribute>
                </def>
                <constraint id="Subject Name Constraint">
                    <description>This constraint accepts the subject name that matches UID=.*</description>
                    <classId>subjectNameConstraintImpl</classId>
                    <constraint id="pattern">
                        <descriptor>
                            <Syntax>string</Syntax>
                            <Description>Subject Name Pattern</Description>
                        </descriptor>
                        <value>UID=.*</value>
                    </constraint>
                </constraint>
            </value>
            ...
        </PolicySet>
    </PolicySets>
    <link href="https://pki.example.com:8443/ca/rest/profiles/caUserCert" rel="self"/>
</Profile>
```
To export the profile configuration into Raw format:
```
$ pki -n caadmin ca-profile-show caUserCert --output caUserCert.cfg --raw
------------------------------------------
Saved profile caUserCert to caUserCert.cfg
------------------------------------------
```
The output file will look like the following:
```
#Tue Jul 10 00:58:57 CEST 2018
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.3.constraint.params.keyType=RSA
input.i2.class_id=subjectNameInputImpl
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
output.o1.class_id=certOutputImpl
policyset.userCertSet.3.default.name=Key Default
...
```
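The raw export lists its keys in no particular order, which makes it hard to review or diff by eye. The following is an added example, not part of the Dogtag wiki or the `pki` tool: it groups the `policyset.<set>.<number>.<default|constraint>.*` keys per policy and lists policies whose constraint class is `noConstraintImpl`. The function names are hypothetical, and the parser assumes simple `key=value` lines without properties-file escapes or line continuations.

```python
import re
from collections import defaultdict

# Constructed sample: the lines shown in the raw export on this page. The
# file is a Java properties dump, so keys arrive in no particular order.
SAMPLE = """\
#Tue Jul 10 00:58:57 CEST 2018
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.3.constraint.params.keyType=RSA
input.i2.class_id=subjectNameInputImpl
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
output.o1.class_id=certOutputImpl
policyset.userCertSet.3.default.name=Key Default
...
"""

POLICY_KEY = re.compile(r"^policyset\.([^.]+)\.(\d+)\.(default|constraint)\.(.+)$")

def parse_raw_profile(text):
    """Split a raw export into policies[(set, n)][part][attr] and other keys."""
    policies = defaultdict(lambda: {"default": {}, "constraint": {}})
    other = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # comment, blank line, or "..." elision
        key, value = line.split("=", 1)  # values such as UID=.* keep their "="
        m = POLICY_KEY.match(key)
        if m:
            set_id, num, part, attr = m.groups()
            policies[(set_id, int(num))][part][attr] = value
        else:
            other[key] = value  # input.*, output.* and profile-level keys
    return dict(policies), other

def unconstrained(policies):
    """Policies whose constraint class is noConstraintImpl (nothing enforced)."""
    return sorted(k for k, p in policies.items()
                  if p["constraint"].get("class_id") == "noConstraintImpl")

def summary(text):
    """One review line per policy, sorted numerically by policy number."""
    policies, _ = parse_raw_profile(text)
    return [f"{s}.{n} default={sorted(p['default'])} constraint={sorted(p['constraint'])}"
            for (s, n), p in sorted(policies.items())]

if __name__ == "__main__":
    print("\n".join(summary(SAMPLE)))
    print("no constraint:", unconstrained(parse_raw_profile(SAMPLE)[0]))
```

Running `summary()` on two exports of the same profile gives a stable, sorted listing that can be compared with an ordinary text diff.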