Yes, Making this a default will make it much easier. On Fri, Mar 30, 2018 at 8:14 AM Marc Sauton <[email protected]> wrote:
> Yes,sorry, I forgot to mention the profile used for the internal SSL > server certificate at configuration needed to be copied > from /usr/share/pki/ca/conf/serverCert.profile.exampleWithSAN > Should we make this a default setting? > Thanks, > M. > > On Thu, Mar 29, 2018 at 10:05 PM, Rafael Leiva-Ochoa <[email protected]> > wrote: > >> Found the solution here...Thanks again! >> >> https://www.redhat.com/archives/pki-devel/2015-April/msg00077.html >> >> On Thu, Mar 29, 2018 at 8:06 PM, Rafael Leiva-Ochoa <[email protected]> >> wrote: >> >>> sending to alias also... >>> >>> ---------- Forwarded message ---------- >>> From: Rafael Leiva-Ochoa <[email protected]> >>> Date: Thu, Mar 29, 2018 at 3:35 PM >>> Subject: Re: [Pki-users] SAN for Launch page. >>> To: Marc Sauton <[email protected]> >>> >>> >>> It did not work. I am still getting SAN errors when using the Launch >>> page. I viewed the Cert that was issued to the launch page, and it is still >>> missing the SAN. Here is my ca.cfg: >>> >>> [CA] >>> >>> [email protected] >>> >>> pki_admin_name=caadmin >>> >>> pki_admin_nickname=caadmin >>> >>> pki_admin_password=xxxxxxxx >>> >>> pki_admin_uid=caadmin >>> >>> >>> pki_san_inject=True >>> >>> pki_san_for_server_cert=dogtag-ca-root.test.com >>> >>> >>> pki_client_database_password=xxxxxxxx >>> >>> pki_client_database_purge=False >>> >>> pki_client_pkcs12_password=xxxxxxxxxx >>> >>> >>> pki_ds_base_dn=dc=test,dc=com >>> >>> pki_ds_database=pki-tomcat >>> >>> pki_ds_password=xxxxxxx >>> >>> >>> pki_ca_signing_subject_dn=cn=TEST Root CA,ou=TEST Certification >>> Authority,c=US >>> >>> >>> Thanks, >>> >>> Rafael >>> >>> On Thu, Mar 29, 2018 at 2:50 PM, Rafael Leiva-Ochoa <[email protected]> >>> wrote: >>> >>>> Thanks, I will give that a try. >>>> >>>> On Thu, Mar 29, 2018 at 12:57 PM, Marc Sauton <[email protected]> >>>> wrote: >>>> >>>>> Try to add to the pkispawn config file, for example: >>>>> pki_san_inject=True >>>>> pki_san_for_server_cert=ca01.example.com,ca02.example.com, >>>>> ca.example.com >>>>> >>>>> Note for the "non-internal" certificates, there is a way to modify >>>>> enrollment profiles to add a SAN, but a recent updated feature is >>>>> described >>>>> in the page at >>>>> http://www.dogtagpki.org/wiki/PKI_10.4_Copy_CN_To_SAN >>>>> >>>>> Thanks, >>>>> M. >>>>> >>>>> On Thu, Mar 29, 2018 at 11:42 AM, Rafael Leiva-Ochoa < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi Everyone, >>>>>> >>>>>> I am trying to build a new CA, and I am using the ca.cfg file to >>>>>> create the CA, but when I create the CA, the SAN is missing from the >>>>>> website cert (:8443). I am trying to look for the right value to put on >>>>>> the >>>>>> ca.cfg file for the SAN, so the the launch page does not give me SAN >>>>>> errors. Here is what I found, but nothing relating to the SAN: >>>>>> >>>>>> [CA] >>>>>> [email protected] >>>>>> pki_admin_name=caadmin >>>>>> pki_admin_nickname=caadmin >>>>>> pki_admin_password=Secret.123 >>>>>> pki_admin_uid=caadmin >>>>>> >>>>>> pki_client_database_password=Secret.123 >>>>>> pki_client_database_purge=False >>>>>> pki_client_pkcs12_password=Secret.123 >>>>>> >>>>>> pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com >>>>>> pki_ds_database=ca >>>>>> pki_ds_password=Secret.123 >>>>>> >>>>>> pki_security_domain_name=EXAMPLE >>>>>> >>>>>> Any ideas? >>>>>> >>>>>> Rafael >>>>>> >>>>>> _______________________________________________ >>>>>> Pki-users mailing list >>>>>> [email protected] >>>>>> https://www.redhat.com/mailman/listinfo/pki-users >>>>>> >>>>> >>>>> >>>> >>> >>> >> >
_______________________________________________ arm mailing list -- [email protected] To unsubscribe send an email to [email protected]
