Add profile for DNP3 / IEC 62351-8 certificates

The DNP3 smart-grid standard uses certificate with the IEC 62351-8 IECUserRoles extension. Add a profile for DNP3 certificates which copies the IECUserRoles extension from the CSR, if present. Also update cert-request to accept CSRs containing this extension. Fixes: https://fedorahosted.org/freeipa/ticket/4752 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-07-24 09:32:51 -04:00
parent aafc0e980b
commit 812ab600a3
4 changed files with 117 additions and 0 deletions
--- a/ipalib/plugins/cert.py
+++ b/ipalib/plugins/cert.py
@@ -312,6 +312,7 @@ class cert_request(VirtualCommand):
        '2.5.29.17': 'request certificate with subjectaltname',
        '2.5.29.19': None,      # Basic Constraints
        '2.5.29.37': None,      # Extended Key Usage
+        '1.2.840.10070.8.1': None, # IECUserRoles (DNP3 / IEC 62351-8)
    }

    def execute(self, csr, **kw):