Exporting Certificate Profile - dogtagpki/pki GitHub Wiki
This page describes the process to export a certificate profile from the CA.
To export the profile configuration into XML format:
$ pki -n caadmin ca-profile-show caUserCert --output caUserCert.xml
--------------------
Profile "caUserCert"
--------------------
------------------------------------------
Saved profile caUserCert to caUserCert.xml
------------------------------------------
The output file will look like the following:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Profile xmlns:ns2="http://www.w3.org/2005/Atom" id="caUserCert">
    <classId>caEnrollImpl</classId>
    <name>Manual User Dual-Use Certificate Enrollment</name>
    <description>This certificate profile is for enrolling user certificates.</description>
    <enabled>true</enabled>
    <visible>true</visible>
    <enabledBy>caadmin</enabledBy>
    <authzAcl></authzAcl>
    <renewal>false</renewal>
    <xmlOutput>false</xmlOutput>
    <Input id="i1">
        <ClassID>keyGenInputImpl</ClassID>
        <Name>Key Generation</Name>
        <Attribute name="cert_request_type">
            <Descriptor>
                <Syntax>keygen_request_type</Syntax>
                <Description>Key Generation Request Type</Description>
            </Descriptor>
        </Attribute>
        <Attribute name="cert_request">
            <Descriptor>
                <Syntax>keygen_request</Syntax>
                <Description>Key Generation Request</Description>
            </Descriptor>
        </Attribute>
    </Input>
    ...
    <Output id="o1">
        <name>Certificate Output</name>
        <classId>certOutputImpl</classId>
        <attributes name="pretty_cert">
            <Descriptor>
                <Syntax>pretty_print</Syntax>
                <Description>Certificate Pretty Print</Description>
            </Descriptor>
        </attributes>
        <attributes name="b64_cert">
            <Descriptor>
                <Syntax>pretty_print</Syntax>
                <Description>Certificate Base-64 Encoded</Description>
            </Descriptor>
        </attributes>
    </Output>
    <PolicySets>
        <PolicySet>
            <id>userCertSet</id>
            <value id="1">
                <def id="Subject Name Default" classId="userSubjectNameDefaultImpl">
                    <description>This default populates a User-Supplied Certificate Subject Name to the request.</description>
                    <policyAttribute name="name">
                        <Descriptor>
                            <Syntax>string</Syntax>
                            <Description>Subject Name</Description>
                        </Descriptor>
                    </policyAttribute>
                </def>
                <constraint id="Subject Name Constraint">
                    <description>This constraint accepts the subject name that matches UID=.*</description>
                    <classId>subjectNameConstraintImpl</classId>
                    <constraint id="pattern">
                        <descriptor>
                            <Syntax>string</Syntax>
                            <Description>Subject Name Pattern</Description>
                        </descriptor>
                        <value>UID=.*</value>
                    </constraint>
                </constraint>
            </value>
            ...
        </PolicySet>
    </PolicySets>
    <link href="https://pki.example.com:8443/ca/rest/profiles/caUserCert" rel="self"/>
</Profile>
To export the profile configuration into Raw format:
$ pki -n caadmin ca-profile-show caUserCert --output caUserCert.cfg --raw
------------------------------------------
Saved profile caUserCert to caUserCert.cfg
------------------------------------------
The output file will look like the following:
#Tue Jul 10 00:58:57 CEST 2018
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.3.constraint.params.keyType=RSA
input.i2.class_id=subjectNameInputImpl
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
output.o1.class_id=certOutputImpl
policyset.userCertSet.3.default.name=Key Default
...
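The raw export lists keys in no particular order, which makes a profile hard to review by eye. The following is an added example, not part of the original wiki page or the Dogtag code base: it groups the `policyset.*` keys by policy number and lists the policies whose constraint class is `noConstraintImpl`. The function names are hypothetical, the sample is built from the lines shown above, and undoing `java.util.Properties`-style backslash escapes is an assumption based on the timestamp header of the file.

```python
import re
from collections import defaultdict
# Constructed sample: the raw-format lines shown on this page, one per line.
SAMPLE_CFG = """\
#Tue Jul 10 00:58:57 CEST 2018
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.3.constraint.params.keyType=RSA
input.i2.class_id=subjectNameInputImpl
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
output.o1.class_id=certOutputImpl
policyset.userCertSet.3.default.name=Key Default
"""

POLICY_KEY = re.compile(r"policyset\.([^.]+)\.(\d+)\.(default|constraint)\.(.+)")
ESCAPE = re.compile(r"\\([=:#!\\])")  # assumption: java.util.Properties-style escapes

def parse_raw_profile(text):
    """Group policyset.* keys as {(set, number): {"default": {}, "constraint": {}}}."""
    policies = defaultdict(lambda: {"default": {}, "constraint": {}})
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#!" or "=" not in line:
            continue  # timestamp header, comments, blank or elided ("...") lines
        key, _, value = line.partition("=")
        m = POLICY_KEY.fullmatch(key.strip())
        if m:  # input.* and output.* keys are not policy rules; skip them
            pset, num, side, attr = m.groups()
            policies[(pset, int(num))][side][attr] = ESCAPE.sub(r"\1", value.strip())
    return dict(policies)

def unconstrained(policies):
    """Policies whose constraint class is noConstraintImpl, in numeric order."""
    return sorted(k for k, p in policies.items()
                  if p["constraint"].get("class_id") == "noConstraintImpl")

def report(policies):
    """One line per setting, ordered by policy number rather than file order."""
    out = []
    for (pset, num), sides in sorted(policies.items()):
        for side in ("default", "constraint"):
            for attr, value in sorted(sides[side].items()):
                out.append(f"{pset}.{num} {side:<10} {attr} = {value}")
    return out

if __name__ == "__main__":
    parsed = parse_raw_profile(SAMPLE_CFG)
    print(*report(parsed), f"no constraint: {unconstrained(parsed)}", sep="\n")
```

To review a real export, pass the contents of `caUserCert.cfg` to `parse_raw_profile` instead of the sample.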