Hi there,
I have been recently configuring this. See default profiles/sample.yaml
You need to specify otherName by specific OID inside SAN like this:
subject:
san:
otherName: "1.3.6.1.4.1.311.20.2.3;UTF8:[% VARIABLE_WITH_UPN %]"
Also you need to add SMARTCARD logon capability tothe extended_key_usage:
extended_key_usage:
1.3.6.1.4.1.311.20.2.2: 1
I found out there used to be predefined variable for UPN but it got removed
https://github.com/openxpki/openxpki/commit/230bc37dfcf30586c98d58a66d96c32ea69e1796
Not sure why.
Best regards,
[Logicworks]<https://logicworks.cz>
Michal Moravec Apple system administrator
Logicworks, s.r.o.<https://logicworks.cz>
Argentinská 1621/36, Praha
7<https://www.google.cz/maps/place/Etnetera+Logicworks,+s.r.o./@50.1078991,14.4517256,17z/data=!3m1!4b1!4m5!3m4!1s0x470b94b2b61cb52d:0x6c88178df7f3ff49!8m2!3d50.1078957!4d14.4539143>
www.logicworks.cz<https://logicworks.cz> | 778745013<tel:778745013>
On 19. 5. 2021, at 18:34, Scott Thomas via OpenXPKI-users
<[email protected]<mailto:[email protected]>>
wrote:
Hi,
I want to add a UPN name or Principal Name (same like and email and used in MS
Smart Card Logon) in the SAN (subject alternative name) of my
/etc/openxpki/config.d/realm.tpl/profile/user_auth_enc.yaml.bak profile. How
can i do this?
Regards
_______________________________________________
OpenXPKI-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/openxpki-users
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
