Radosław Kujawa via FreeIPA-users wrote: > Hi list. > > Is it possible to add email subjectAltName to a certificate when it is > being signed by the IPA? > > My use case is that I have CSRs generated by the users. The tool used to > generate the CSR does not allow to add me to include an email > subjectAltName. The problem is that private key is held on the external > device, so I am not easily able to manipulate the CSR using openssl. > > I already have a specific certificate profile added to IPA, used for > this process. But I am not sure if it is possible to enforce adding SAN > with user's email address when signing the certificate. I'd be grateful > for any hints. >
How would the profile know what e-mail to add? rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
