Hi Ives,
And we must set two values in the Subject Alternativ Name...
its not working without? i didn't check it yet... but i thought since it took me soo long to realize that cisco likes it this way at the pix, i did this with the routers
but i give it a try later - or did u already?
We had not time to try out all variants - at least this will work and we will take this way :)
but i think, you have to do this, before anyone signs a csr - like an ra-admin, but i think, since this headerfields are used to construct
the certificate - this is the best and also a clean solution for this
'problem'
it just has to be at the right place in the workflow and it would be quite flexible if db-editing could be used, since no existing scripts had to be modified and one could just create a db-changing script for the special purpose - this may be configurable - so one doesn't have to write it itself and set just in some config-file ;) - what hase to be done with wich fields...
so one would need: renaming, deconstructing (like to sepparete those + combined attributes), constructing (create such + combined attributes) and copying from dn to san or something similar...
I discussed that with Martin today - we both think that a genralized "preSOMESTEPHook" and a "postSOMESTEPHook" machanism in the whole CA System would be valuable - we will try to bring the change in the upcoming 0.9.3
Oliver -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
smime.p7s
Description: S/MIME Cryptographic Signature
