3.3. Defining Key Defaults in Profiles

When creating certificate profiles, the Key Default must be added before the Subject Key Identifier Default. Certificate System processes the key constraints in the Key Default before creating or applying the Subject Key Identifier Default, so if the key has not been processed yet, setting the key in the subject name fails.
For example, an object-signing profile may define both defaults:
policyset.set1.p3.constraint.class_id=noConstraintImpl
# Subject Key Identifier Default
policyset.set1.p3.default.class_id=subjectKeyIdentifierExtDefaultImpl
policyset.set1.p11.constraint.class_id=keyConstraintImpl
# Key Default
policyset.set1.p11.default.class_id=userKeyDefaultImpl
In the policyset list, then, the Key Default (p11) must be listed before the Subject Key Identifier Default (p3).
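The ordering rule above can be checked mechanically before a profile is deployed. The following is an added example, not part of Certificate System or its documentation. It assumes the profile is a key=value properties file whose policy order is the comma-separated value of policyset.<set>.list, and the two sample profiles are constructed for illustration.

```python
import re

KEY_DEFAULT = "userKeyDefaultImpl"
SKI_DEFAULT = "subjectKeyIdentifierExtDefaultImpl"

# Constructed sample profile fragments (not taken from a real deployment).
BAD_PROFILE = """\
policyset.set1.list=p1,p3,p11
policyset.set1.p1.default.class_id=userSubjectNameDefaultImpl
policyset.set1.p3.constraint.class_id=noConstraintImpl
policyset.set1.p3.default.class_id=subjectKeyIdentifierExtDefaultImpl
policyset.set1.p11.constraint.class_id=keyConstraintImpl
policyset.set1.p11.default.class_id=userKeyDefaultImpl
"""
GOOD_PROFILE = BAD_PROFILE.replace("list=p1,p3,p11", "list=p1,p11,p3")

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_key_default_order(text):
    """Return findings; an empty list means every policy set is ordered correctly."""
    props = parse_properties(text)
    findings = []
    for key, value in props.items():
        m = re.fullmatch(r"policyset\.([^.]+)\.list", key)
        if not m:
            continue
        set_id, order = m.group(1), [p.strip() for p in value.split(",") if p.strip()]
        # Map each policy id in the list to the class of its default.
        classes = {p: props.get(f"policyset.{set_id}.{p}.default.class_id") for p in order}
        key_pos = [i for i, p in enumerate(order) if classes[p] == KEY_DEFAULT]
        ski_pos = [i for i, p in enumerate(order) if classes[p] == SKI_DEFAULT]
        if ski_pos and not key_pos:
            findings.append(f"{set_id}: {order[ski_pos[0]]} needs a Key Default, none is in the list")
        elif ski_pos and min(ski_pos) < min(key_pos):
            findings.append(f"{set_id}: {order[min(ski_pos)]} (Subject Key Identifier Default) "
                            f"is listed before {order[min(key_pos)]} (Key Default)")
    return findings

if __name__ == "__main__":
    for name, text in (("bad", BAD_PROFILE), ("good", GOOD_PROFILE)):
        print(name, check_key_default_order(text) or "OK")
```

The check reads only the list order, so it reports a misordered profile even when the p11 block appears earlier in the file than the p3 block.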