Hi Thomas, to be honest the "extra" SAN feature has not been used for quite a while and is under consideration to be removed - you can just add the extra emails to the "subject" block which should work without any problems.
best regards Oliver Am 21.04.20 um 12:39 schrieb Thomas Schachtner: > Hi there, > > I would like to have certificates with email addresses as Subject > Alternative Names. > With IP addresses and DNS names, this is working fine. I can add them to > the certificate template and they are displayed correctly as DNS: ... > and IP: ..., but with the SAN type "email", this is not working. > Is this a known issue? > > Here's the part of the policy file where I put the san part: > > style: > 00_user_basic_style: > label: I18N_OPENXPKI_UI_PROFILE_BASIC_STYLE_LABEL > description: I18N_OPENXPKI_UI_PROFILE_BASIC_STYLE_DESC > ui: > subject: > - realname > - email > san: > - san_email > info: > - comment > > subject: > dn: CN=[% realname %],DC=xxxx,DC=yyyy,DC=zz > san: > email: > - "[% email.lower %]" > - "[% FOREACH entry = san_email %][% entry.lower %] | > [% END %]" > > metadata: > requestor: "[% realname %]" > email: "[% email %]" > > I also have a template for san_email: > > id: san_email > label: I18N_OPENXPKI_UI_PROFILE_SAN_EMAILADDRESS > description: I18N_OPENXPKI_UI_PROFILE_SAN_EMAILADDRESS_DESC > type: freetext > match: \A .+@.+ \z > width: 30 > placeholder: [email protected] > min: 0 > max: 20 > > Is this configuration correct? > Is this configuration enough? > Should email addresses as SANs work with OpenXPKI? > > Best regards, > Thomas > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
