Hi.
On 10/8/20 9:06 PM, Rob Crittenden via FreeIPA-users wrote:
Radosław Kujawa via FreeIPA-users wrote:
Hi list.
Is it possible to add email subjectAltName to a certificate when it is
being signed by the IPA?
How would the profile know what e-mail to add?
These certificates are treated by IPA as "user certificates". The CN is
set to IPA user's login.
By some magic, IPA knows that such certificate should be added to LDAP
object representing particular user.
I hoped it would be possible to instruct it, to fetch the email
attribute from LDAP object when signing the cert (based on the CN) and
put it into subjectAltName.
Best regards,
Radoslaw
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
