Hi Marian,I am sure it works as we have it in use by another customer but its likely a config problem. You want to see the SANs from the PKCS10 in the extra SAN fiels of the template, right?
Oliver Am 22.11.2016 um 20:56 schrieb Marian Thieme:
Hi Oliver ! Version, as shown in the web-ui (Information->System Status) and by "openxpkiadm version" as well: 1.14.1 When I open the workflow (since I didn't complete it) again it show quite a good summary and I can confirm that it loads the correct information like: ... crs_subject | subjectAltName=DNS.1=abc.mydomain.net\,DNS.2=def.mydomain.net,emailAddress=... ... however it doesn't feed the DNS field with the preset values. I even updated to to 1.15, ... but no change ! Regards, Marian On 22.11.2016 07:47, Oliver Welter wrote:Hi Marian, looks good - what version of openxpki are you running, the required changes have been added in 1.14 and we only have current debian packages. So if you use Ubuntu, its likely that you just have too old code (we have some deps issues on ubuntu and did not update the packages to the recent version). Oliver Am 21.11.2016 um 22:09 schrieb Marian Thieme:Hi Oliver, I tried the following with limited/no success: in file profile/I18N_OPENXPKI_PROFILE_TLS_SERVER.yaml ... 05_advanced_style: label: I18N_OPENXPKI_UI_PROFILE_ADVANCED_STYLE_LABEL description: I18N_OPENXPKI_UI_PROFILE_ADVANCED_STYLE_DESC ui: subject: ... san: - san_choice ... and implemented profile for san_choice profile/template/san_choice.yaml pretty much as you suggested like hostname2: id: san_choice label: I18N_OPENXPKI_UI_PROFILE_SAN_DNS description: I18N_OPENXPKI_UI_PROFILE_SAN_DNS_DESC type: freetext preset: SAN_DNS.X match: \A [A-Za-z\d\-\.]+ \z width: 60 default: fully.qualified.example.com min: 0 max: 100 the result has been a new ui screen and with the DNS field (I18N_OPENXPKI_UI_PROFILE_SAN_DNS). But the alternate subject names (san's) are not preset. As I would suppose according to the profile defnition. Is there still something to do, or something wrong ? Thanks a lot ! Marian On 18.11.2016 18:42, Oliver Welter wrote:Hi Marian, you dont need to deal with the workflow, you must add fields to the profile to receive the extra hostnames and prefill them from the SANs. We just implemented the syntax some weeks ago, look at the definition of "hostname2" in profile/template/ and in the profile definition itself. There is also a section in the docs http://openxpki.readthedocs.io/en/latest/reference/configuration/profile.html And yes, we really need to clean that up ;) best regards Oliver Am 12.11.2016 um 17:13 schrieb Marian Thieme:Hello, could somebody provide help in order to extend the CSR workflow (TLS/Webserver with Subject Style called "Extended naming (expert use only)") ? I want to maintain multiple hostnames on a single certificate using the SAN field. I guess I have to define something in the yaml worklfow like here: /etc/openxpki/config.d/realm/ca-one/workflow/def/certificate_signing_request_v2.yaml but I don't know exactly how. Do you have a small primer or an example config how to achieve that ? I was thinking to use the default workflow, however, there it isn't possible to change the domain component (DC). Thanks, Marian ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users------------------------------------------------------------------------------ _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users------------------------------------------------------------------------------ _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users------------------------------------------------------------------------------ _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users------------------------------------------------------------------------------ _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
-- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
