On Tue, Jul 21, 2015 at 10:22:01AM +0200, Günther J. Niederwimmer wrote:
> Hello,
> 
> Is it possible to add a Email -Address to a user Certificate (Subject 
> Alternative Name)
> 
> I mean I have read something but I can't found again?
> 
> Thanks for a Answer,
> 
> -- 
> mit freundlichen Grüssen / best regards,
> 
>  Günther J. Niederwimmer
> 
Hi Günther,

This is supported in FreeIPA 4.2, using the default profile.  When
you include an rfc822Name in the subjectAltName request extension it
will be verified that it matches the user principal and then
included in final certificate.

Unfortunately there is not yet a way to automatically include an
rfc822Name SAN based on the user's email.

Cheers,
Fraser

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to