Hi Oliver,
I tried the following with limited/no success:
in file profile/I18N_OPENXPKI_PROFILE_TLS_SERVER.yaml
...
05_advanced_style:
label: I18N_OPENXPKI_UI_PROFILE_ADVANCED_STYLE_LABEL
description: I18N_OPENXPKI_UI_PROFILE_ADVANCED_STYLE_DESC
ui:
subject:
...
san:
- san_choice
...
and implemented profile for san_choice profile/template/san_choice.yaml
pretty much as you suggested like hostname2:
id: san_choice
label: I18N_OPENXPKI_UI_PROFILE_SAN_DNS
description: I18N_OPENXPKI_UI_PROFILE_SAN_DNS_DESC
type: freetext
preset: SAN_DNS.X
match: \A [A-Za-z\d\-\.]+ \z
width: 60
default: fully.qualified.example.com
min: 0
max: 100
the result has been a new ui screen and with the DNS field
(I18N_OPENXPKI_UI_PROFILE_SAN_DNS).
But the alternate subject names (san's) are not preset. As I would
suppose according to the profile defnition.
Is there still something to do, or something wrong ?
Thanks a lot !
Marian
On 18.11.2016 18:42, Oliver Welter wrote:
> Hi Marian,
>
> you dont need to deal with the workflow, you must add fields to the
> profile to receive the extra hostnames and prefill them from the SANs.
> We just implemented the syntax some weeks ago, look at the definition
> of "hostname2" in profile/template/ and in the profile definition itself.
>
> There is also a section in the docs
> http://openxpki.readthedocs.io/en/latest/reference/configuration/profile.html
>
>
> And yes, we really need to clean that up ;)
>
> best regards
>
> Oliver
>
> Am 12.11.2016 um 17:13 schrieb Marian Thieme:
>> Hello,
>>
>> could somebody provide help in order to extend the CSR workflow
>> (TLS/Webserver with Subject Style called "Extended naming (expert use
>> only)") ?
>> I want to maintain multiple hostnames on a single certificate using the
>> SAN field.
>>
>> I guess I have to define something in the yaml worklfow like here:
>> /etc/openxpki/config.d/realm/ca-one/workflow/def/certificate_signing_request_v2.yaml
>>
>> but I don't know exactly how. Do you have a small primer or an example
>> config how to achieve that ?
>> I was thinking to use the default workflow, however, there it isn't
>> possible to change the domain component (DC).
>>
>> Thanks,
>> Marian
>>
>> ------------------------------------------------------------------------------
>>
>> Developer Access Program for Intel Xeon Phi Processors
>> Access to Intel Xeon Phi processor-based developer platforms.
>> With one year of Intel Parallel Studio XE.
>> Training and support from Colfax.
>> Order your platform today. http://sdm.link/xeonphi
>> _______________________________________________
>> OpenXPKI-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>>
>
>
>
>
> ------------------------------------------------------------------------------
>
>
>
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
------------------------------------------------------------------------------
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
