dogtagpki / pki

The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
https://www.dogtagpki.org
GNU General Public License v2.0

GenericExtension: allow CA admin to define a list of allowable custom extensions #1334

Open pki-bot opened 3 years ago

pki-bot commented 3 years ago

This issue was migrated from Pagure Issue #767. Originally filed by cfu (@cfu) on 2013-10-15 19:51:41:


This ticket results from https://bugzilla.redhat.com/show_bug.cgi?id=1011984 (Issue with Generic Extension being critical).

While currently our CA is conforming to RFC 5280: "... Conforming CAs MAY support extensions that are not identified within this specification; certificate issuers are cautioned that marking such extensions as critical may inhibit interoperability. ..."

We would like to provide a more friendly/flexible and yet secure mechanism to allow CA admins to define a list of allowable custom extensions and their criticality.

pki-bot commented 3 years ago

Comment from cfu (@cfu) at 2017-02-27 14:03:21

Metadata Update from @cfu: