Skip to content

Commit

Permalink
Remove AIA extension from root CA signing cert
Browse files Browse the repository at this point in the history 
The bootstrap caCert.profile has been modified such that root
CA signing certs will no longer have an AIA extension. The
regular CA signing cert profiles have not been modified so
sub CA signing certs will continue to have an AIA extension.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2182201
  • Loading branch information
@edewata
edewata committed May 9, 2023
1 parent 37d7a23 commit a2987c5
Showing 1 changed file with 1 addition and 9 deletions.
10 changes: 1 addition & 9 deletions base/ca/shared/conf/caCert.profile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ name=All Purpose CA Profile
description=This profile creates a CA certificate that is valid for all signing purposes.
profileIDMapping=caCACert
profileSetIDMapping=caCertSet
list=2,4,5,6,7,8
list=2,4,5,6,7
2.default.class=com.netscape.cms.profile.def.CAValidityDefault
2.default.name=CA Certificate Validity Default
2.default.params.range=7305
Expand Down Expand Up @@ -34,11 +34,3 @@ list=2,4,5,6,7,8
7.default.class=com.netscape.cms.profile.def.SubjectKeyIdentifierExtDefault
7.default.name=Subject Key Identifier Extension Default
7.default.params.critical=false
8.default.class=com.netscape.cms.profile.def.AuthInfoAccessExtDefault
8.default.name=AIA Extension Default
8.default.params.authInfoAccessADEnable_0=true
8.default.params.authInfoAccessADLocationType_0=URIName
8.default.params.authInfoAccessADLocation_0=
8.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
8.default.params.authInfoAccessCritical=false
8.default.params.authInfoAccessNumADs=1

0 comments on commit a2987c5

Please sign in to comment.