From ed6e62100249bf099ec8b90a8ad147532b40372b Mon Sep 17 00:00:00 2001
From: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Date: Tue, 8 Sep 2020 13:00:50 +0200
Subject: [PATCH] [CONTRIB] Adjust EJBCA to issue certificates usable by
 servers.

Add configuration to EJBCA that allows to create keystores with
extendedKeyUsage containing serverAuth.

Issue-ID: AAF-1121
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I6fc1d228acb4edc089be11d66186cfb5006e9ad1
---
 .../certprofile_CUSTOM_ENDUSER-1834889499.xml      | 595 +++++++++++++
 .../components/ejbca/resources/ejbca-config.sh     |   6 +
 .../entityprofile_Custom_EndEntity-1356531849.xml  | 936 +++++++++++++++++++++
 .../components/ejbca/templates/configmap.yaml      |   8 +
 .../components/ejbca/templates/deployment.yaml     |   6 +
 5 files changed, 1551 insertions(+)
 create mode 100644 kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml
 create mode 100644 kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml

diff --git a/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml b/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml
new file mode 100644
index 0000000000..e163aed82a
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml
@@ -0,0 +1,595 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<java version="1.8.0_242" class="java.beans.XMLDecoder">
+ <object class="java.util.LinkedHashMap">
+  <void method="put">
+   <string>version</string>
+   <float>46.0</float>
+  </void>
+  <void method="put">
+   <string>type</string>
+   <int>1</int>
+  </void>
+  <void method="put">
+   <string>certversion</string>
+   <string>X509v3</string>
+  </void>
+  <void method="put">
+   <string>encodedvalidity</string>
+   <string>2y</string>
+  </void>
+  <void method="put">
+   <string>usecertificatevalidityoffset</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>certificatevalidityoffset</string>
+   <string>-10m</string>
+  </void>
+  <void method="put">
+   <string>useexpirationrestrictionforweekdays</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>expirationrestrictionforweekdaysbefore</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>expirationrestrictionweekdays</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <boolean>true</boolean>
+    </void>
+    <void method="add">
+     <boolean>true</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+    <void method="add">
+     <boolean>true</boolean>
+    </void>
+    <void method="add">
+     <boolean>true</boolean>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>allowvalidityoverride</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>allowextensionoverride</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>allowdnoverride</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>allowdnoverridebyeei</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>allowbackdatedrevokation</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usecertificatestorage</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>storecertificatedata</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>storesubjectaltname</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>usebasicconstrants</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>basicconstraintscritical</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>usesubjectkeyidentifier</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>subjectkeyidentifiercritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useauthoritykeyidentifier</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>authoritykeyidentifiercritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usesubjectalternativename</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>subjectalternativenamecritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useissueralternativename</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>issueralternativenamecritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usecrldistributionpoint</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usedefaultcrldistributionpoint</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>crldistributionpointcritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>crldistributionpointuri</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>usefreshestcrl</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usecadefinedfreshestcrl</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>freshestcrluri</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>crlissuer</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>usecertificatepolicies</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>certificatepoliciescritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>certificatepolicies</string>
+   <object class="java.util.ArrayList"/>
+  </void>
+  <void method="put">
+   <string>availablekeyalgorithms</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <string>DSA</string>
+    </void>
+    <void method="add">
+     <string>ECDSA</string>
+    </void>
+    <void method="add">
+     <string>RSA</string>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>availableeccurves</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <string>ANY_EC_CURVE</string>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>availablebitlengths</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>192</int>
+    </void>
+    <void method="add">
+     <int>224</int>
+    </void>
+    <void method="add">
+     <int>239</int>
+    </void>
+    <void method="add">
+     <int>256</int>
+    </void>
+    <void method="add">
+     <int>384</int>
+    </void>
+    <void method="add">
+     <int>512</int>
+    </void>
+    <void method="add">
+     <int>521</int>
+    </void>
+    <void method="add">
+     <int>1024</int>
+    </void>
+    <void method="add">
+     <int>1536</int>
+    </void>
+    <void method="add">
+     <int>2048</int>
+    </void>
+    <void method="add">
+     <int>3072</int>
+    </void>
+    <void method="add">
+     <int>4096</int>
+    </void>
+    <void method="add">
+     <int>6144</int>
+    </void>
+    <void method="add">
+     <int>8192</int>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>minimumavailablebitlength</string>
+   <int>0</int>
+  </void>
+  <void method="put">
+   <string>maximumavailablebitlength</string>
+   <int>8192</int>
+  </void>
+  <void method="put">
+   <string>signaturealgorithm</string>
+   <null/>
+  </void>
+  <void method="put">
+   <string>usekeyusage</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>keyusage</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <boolean>true</boolean>
+    </void>
+    <void method="add">
+     <boolean>true</boolean>
+    </void>
+    <void method="add">
+     <boolean>true</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>allowkeyusageoverride</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>keyusagecritical</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>useextendedkeyusage</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>extendedkeyusage</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <string>1.3.6.1.5.5.7.3.2</string>
+    </void>
+    <void method="add">
+     <string>1.3.6.1.5.5.7.3.4</string>
+    </void>
+    <void method="add">
+     <string>1.3.6.1.5.5.7.3.1</string>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>extendedkeyusagecritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usedocumenttypelist</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>documenttypelistcritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>documenttypelist</string>
+   <object class="java.util.ArrayList"/>
+  </void>
+  <void method="put">
+   <string>availablecas</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <int>-1</int>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>usedpublishers</string>
+   <object class="java.util.ArrayList"/>
+  </void>
+  <void method="put">
+   <string>useocspnocheck</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useldapdnorder</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>usecustomdnorder</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usemicrosofttemplate</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>microsofttemplate</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>usecardnumber</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usecnpostfix</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>cnpostfix</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>usesubjectdnsubset</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>subjectdnsubset</string>
+   <object class="java.util.ArrayList"/>
+  </void>
+  <void method="put">
+   <string>usesubjectaltnamesubset</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>subjectaltnamesubset</string>
+   <object class="java.util.ArrayList"/>
+  </void>
+  <void method="put">
+   <string>usepathlengthconstraint</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>pathlengthconstraint</string>
+   <int>0</int>
+  </void>
+  <void method="put">
+   <string>useqcstatement</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usepkixqcsyntaxv2</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useqcstatementcritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useqcstatementraname</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>useqcsematicsid</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>useqcetsiqccompliance</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useqcetsisignaturedevice</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useqcetsivaluelimit</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>qcetsivaluelimit</string>
+   <int>0</int>
+  </void>
+  <void method="put">
+   <string>qcetsivaluelimitexp</string>
+   <int>0</int>
+  </void>
+  <void method="put">
+   <string>qcetsivaluelimitcurrency</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>useqcetsiretentionperiod</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>qcetsiretentionperiod</string>
+   <int>0</int>
+  </void>
+  <void method="put">
+   <string>useqccustomstring</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>qccustomstringoid</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>qccustomstringtext</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>qcetsipds</string>
+   <null/>
+  </void>
+  <void method="put">
+   <string>qcetsitype</string>
+   <null/>
+  </void>
+  <void method="put">
+   <string>usecertificatetransparencyincerts</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usecertificatetransparencyinocsp</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usecertificatetransparencyinpublisher</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usesubjectdirattributes</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usenameconstraints</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useauthorityinformationaccess</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>caissuers</string>
+   <object class="java.util.ArrayList"/>
+  </void>
+  <void method="put">
+   <string>usedefaultcaissuer</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usedefaultocspservicelocator</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>ocspservicelocatoruri</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>cvcaccessrights</string>
+   <int>3</int>
+  </void>
+  <void method="put">
+   <string>usedcertificateextensions</string>
+   <object class="java.util.ArrayList"/>
+  </void>
+  <void method="put">
+   <string>approvals</string>
+   <object class="java.util.LinkedHashMap">
+    <void method="put">
+     <object class="java.lang.Enum" method="valueOf">
+      <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+      <string>REVOCATION</string>
+     </object>
+     <int>-1</int>
+    </void>
+    <void method="put">
+     <object class="java.lang.Enum" method="valueOf">
+      <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+      <string>KEYRECOVER</string>
+     </object>
+     <int>-1</int>
+    </void>
+    <void method="put">
+     <object class="java.lang.Enum" method="valueOf">
+      <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+      <string>ADDEDITENDENTITY</string>
+     </object>
+     <int>-1</int>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>useprivkeyusageperiodnotbefore</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useprivkeyusageperiod</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useprivkeyusageperiodnotafter</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>privkeyusageperiodstartoffset</string>
+   <long>0</long>
+  </void>
+  <void method="put">
+   <string>privkeyusageperiodlength</string>
+   <long>63072000</long>
+  </void>
+  <void method="put">
+   <string>usesingleactivecertificateconstraint</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>overridableextensionoids</string>
+   <object class="java.util.LinkedHashSet"/>
+  </void>
+  <void method="put">
+   <string>nonoverridableextensionoids</string>
+   <object class="java.util.LinkedHashSet"/>
+  </void>
+  <void method="put">
+   <string>allowcertsnoverride</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usecustomdnorderldap</string>
+   <boolean>false</boolean>
+  </void>
+ </object>
+</java>
diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
index f1bd07e158..ad10240b94 100755
--- a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
+++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
@@ -12,6 +12,12 @@ configureEjbca() {
     ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
     ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK}
     ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+    #Custom EJBCA cert profile and endentity are imported to allow issuing certificates with correct extended usage (containing serverAuth)
+    ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles
+    #Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml)
+    ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER
+    #ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml)
+    ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849
     ejbca.sh config cmp dumpalias --alias cmpRA
     ejbca.sh config cmp addalias --alias cmp
     ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
diff --git a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml
new file mode 100644
index 0000000000..652acd5fa7
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml
@@ -0,0 +1,936 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<java version="1.8.0_242" class="java.beans.XMLDecoder">
+ <object class="java.util.LinkedHashMap">
+  <void method="put">
+   <string>version</string>
+   <float>14.0</float>
+  </void>
+  <void method="put">
+   <string>NUMBERARRAY</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>3</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>SUBJECTDNFIELDORDER</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <int>500</int>
+    </void>
+    <void method="add">
+     <int>1100</int>
+    </void>
+    <void method="add">
+     <int>1200</int>
+    </void>
+    <void method="add">
+     <int>1300</int>
+    </void>
+    <void method="add">
+     <int>1400</int>
+    </void>
+    <void method="add">
+     <int>1600</int>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>SUBJECTALTNAMEFIELDORDER</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <int>1800</int>
+    </void>
+    <void method="add">
+     <int>1801</int>
+    </void>
+    <void method="add">
+     <int>1802</int>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>SUBJECTDIRATTRFIELDORDER</string>
+   <object class="java.util.ArrayList"/>
+  </void>
+  <void method="put">
+   <int>0</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20000</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10000</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30000</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>1</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20001</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10001</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30001</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>95</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20095</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10095</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30095</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>96</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20096</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10096</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30096</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>5</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20005</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10005</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30005</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>26</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20026</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10026</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30026</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>29</int>
+   <string>1834889499</string>
+  </void>
+  <void method="put">
+   <int>20029</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10029</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30029</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30</int>
+   <string>1834889499</string>
+  </void>
+  <void method="put">
+   <int>20030</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10030</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30030</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>31</int>
+   <string>1</string>
+  </void>
+  <void method="put">
+   <int>20031</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10031</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30031</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>32</int>
+   <string>1;2;3;4</string>
+  </void>
+  <void method="put">
+   <int>20032</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10032</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30032</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>33</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20033</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10033</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30033</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>34</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20034</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10034</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30034</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>38</int>
+   <string>1</string>
+  </void>
+  <void method="put">
+   <int>20038</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10038</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30038</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>37</int>
+   <string>-477565695</string>
+  </void>
+  <void method="put">
+   <int>20037</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10037</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30037</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>98</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20098</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10098</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30098</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>99</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20099</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10099</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30099</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>97</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20097</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10097</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30097</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>91</int>
+   <string>false</string>
+  </void>
+  <void method="put">
+   <int>20091</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10091</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30091</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>94</int>
+   <string>-1</string>
+  </void>
+  <void method="put">
+   <int>20094</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10094</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30094</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>93</int>
+   <string>-1</string>
+  </void>
+  <void method="put">
+   <int>20093</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10093</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30093</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>89</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20089</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10089</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30089</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>88</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20088</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10088</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30088</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>ALLOW_MERGEDN_WEBSERVICES</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>2</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20002</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10002</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10090</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>90</int>
+   <string>0</string>
+  </void>
+  <void method="put">
+   <string>REVERSEFFIELDCHECKS</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>28</int>
+   <string>false</string>
+  </void>
+  <void method="put">
+   <int>20028</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10028</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>REUSECERTIFICATE</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>35</int>
+   <string>false</string>
+  </void>
+  <void method="put">
+   <int>20035</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10035</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10092</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>USEEXTENSIONDATA</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>PRINTINGUSE</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>PRINTINGDEFAULT</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>PRINTINGREQUIRED</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>PRINTINGCOPIES</string>
+   <int>1</int>
+  </void>
+  <void method="put">
+   <string>PRINTINGPRINTERNAME</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>PRINTINGSVGDATA</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>PRINTINGSVGFILENAME</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>11</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20011</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10011</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30011</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>12</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20012</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10012</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30012</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>13</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20013</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10013</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30013</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>14</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20014</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10014</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30014</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>16</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20016</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10016</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30016</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>18</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20018</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10018</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30018</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>118</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20118</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10118</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30118</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>218</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20218</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10218</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30218</int>
+   <boolean>true</boolean>
+  </void>
+ </object>
+</java>
diff --git a/kubernetes/contrib/components/ejbca/templates/configmap.yaml b/kubernetes/contrib/components/ejbca/templates/configmap.yaml
index d336bc9a94..d61af076a0 100644
--- a/kubernetes/contrib/components/ejbca/templates/configmap.yaml
+++ b/kubernetes/contrib/components/ejbca/templates/configmap.yaml
@@ -18,3 +18,11 @@ metadata:
   name: "{{ include "common.fullname" . }}-config-script"
 data:
 {{ tpl (.Files.Glob "resources/ejbca-config.sh").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ include "common.fullname" . }}-profiles"
+data:
+{{ tpl (.Files.Glob "resources/certprofile_CUSTOM_ENDUSER-1834889499.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/entityprofile_Custom_EndEntity-1356531849.xml").AsConfig . | indent 2 }}
diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
index 1b1843476d..495b816bc5 100644
--- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml
+++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
@@ -51,6 +51,8 @@ spec:
         volumeMounts:
           - name: "{{ include "common.fullname" . }}-volume"
             mountPath: /opt/primekey/scripts/
+          - name: "{{ include "common.fullname" . }}-profiles-volume"
+            mountPath: /opt/primekey/custom_profiles/
         ports: {{ include "common.containerPorts" . | nindent 10 }}
         env:
         - name: INITIAL_ADMIN
@@ -90,3 +92,7 @@ spec:
           name: "{{ include "common.fullname" . }}-config-script"
           defaultMode: 0755
         name: "{{ include "common.fullname" . }}-volume"
+      - configMap:
+          name: "{{ include "common.fullname" . }}-profiles"
+          defaultMode: 0755
+        name: "{{ include "common.fullname" . }}-profiles-volume"
-- 
2.16.6