The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
While currently our CA is conforming to RFC5280:
"...Conforming CAs MAY support extensions that are not identified within this specification; certificate issuers are cautioned that marking such extensions as critical may inhibit interoperability. ..."
We would like to provide a more friendly/flexible and yet secure mechanism to allow CA admins to define a list of allowable custom extensions and their criticality.
This issue was migrated from Pagure Issue #767. Originally filed by cfu (@cfu) on 2013-10-15 19:51:41:
This ticket results from https://bugzilla.redhat.com/show_bug.cgi?id=1011984 Issue with Generic Extension being critical