Hi list.
Is it possible to add email subjectAltName to a certificate when it is
being signed by the IPA?
My use case is that I have CSRs generated by the users. The tool used to
generate the CSR does not allow to add me to include an email
subjectAltName. The problem is that private key is held on the external
device, so I am not easily able to manipulate the CSR using openssl.
I already have a specific certificate profile added to IPA, used for
this process. But I am not sure if it is possible to enforce adding SAN
with user's email address when signing the certificate. I'd be grateful
for any hints.
Best regards,
Radoslaw
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
