Hi Oli,
We have to set some fields on the request manually and want to automate this. The modificatiosn are:
Setting unstructuredName=ipsec-test.test.corp+unstructuredAddress=1.1.1.1,OU=... to unstructuredAddress=1.1.1.1,unstructuredName=ipsec-test.test.corp,OU=...
;)
And we must set two values in the Subject Alternativ Name...
its not working without? i didn't check it yet... but i thought since it took me soo long to realize that cisco likes it this way at the pix, i did this with the routers
but i give it a try later - or did u already?
If you need this too, I think we should work together on building a solution that is flexible enough to support not only our requirements but a broader range.
It is possible to provide an initially edited CSR by simply inserting the corresponding fields to the CSR to be inserted into the DB, e. g. if you include
it sounds reasonable...
but i think, you have to do this, before anyone signs a csr - like an ra-admin, but i think, since this headerfields are used to construct
the certificate - this is the best and also a clean solution for this
'problem'
it just has to be at the right place in the workflow and it would be quite flexible if db-editing could be used, since no existing scripts had to be modified and one could just create a db-changing script for the special purpose - this may be configurable - so one doesn't have to write it itself and set just in some config-file ;) - what hase to be done with wich fields...
so one would need: renaming, deconstructing (like to sepparete those + combined attributes), constructing (create such + combined attributes) and copying from dn to san or something similar...
so we have original fields - an operation and an destination field, maybe, so it could be generally configurable with a schema like this?
greetings dalini
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ OpenCA-Devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-devel
