Re: [OpenXPKI-users] R: EST and subjectAltName

Tue, 25 Jun 2024 22:35:07 -0700 

Hi Elsa,
OpenXPKI does not blindly copy things from the CSR but parses the CSR content and makes this available to a template kit for building the final certificate. Those properties can be found in the profiles (which are the yaml files located in config.d/realm/democa/profiles) - so you need to rework this to include your expected SAN items. 

Oliver

On 21.06.24 14:53, Corniani Elsa (RSE) wrote:


Hi Oliver,


thank you for your reply, but I am not sure what I am missing as I am 
still not getting SAN in my certificate.



I am using openSSL to generate the CSR and I do indeed have the field 
XmppAddr with the jabberID in the SubjectAltName section in this CSR. 
However, when I send this CSR, the certificate that I get back does 
not contain this field. Should I also change some settings so that the 
field is read and copied from the CSR to the certificate?


Thank you very much,

Regards.

Elsa

*Da:*Oliver Welter <m...@oliwel.de>
*Inviato:* sabato 1 giugno 2024 19:08
*A:* openxpki-users@lists.sourceforge.net
*Oggetto:* Re: [OpenXPKI-users] EST and subjectAltName

Hello Elsa,


in case you have this information in the CSR you should be able to 
access this information in the profile via "otherName" in the same way 
as you can see this for DNS/IP. In case you do not have this extension 
in the CSR already you need to grab this from an other source which 
requires some rework of the workflows.


best regards

Ol

On 29.05.24 12:22, Corniani Elsa (RSE) wrote:

    Hi,

    I'm using Authenticated EST to get a TLS client certificate. I
    would like to use this client certificate to authenticate to an
    xmpp server, so I need the certificate to contain the field:
    subjectAltName = otherName:XmppAddr;UTF8:jabberID@domain.

    Could you please help me with the steps to get such a certificate
    using EST in OpenXPKI?

    Thank you very much.

    Regards,

    Elsa



                RSE SpA ha adottato il Modello Organizzativo ai sensi
                del D.Lgs.231/2001, in forza del quale l'assunzione di
                obbligazioni da parte della Società avviene con firma
                di un procuratore, munito di idonei poteri. RSE adopts
                a Compliance Programme under the Italian Law
                (D.Lgs.231/2001). According to this RSE Compliance
                Programme, any commitment of RSE is taken by the
                signature of one Representative granted by a proper
                Power of Attorney.

                Le informazioni contenute in questo messaggio di posta
                elettronica sono riservate e confidenziali e ne e'
                vietata la diffusione in qualsiasi modo o forma.
                Qualora Lei non fosse la persona destinataria del
                presente messaggio, La invitiamo a non diffonderlo e
                ad eliminarlo, dandone gentilmente comunicazione al
                mittente. The information included in this e-mail and
                any attachments are confidential and may also be
                privileged. If you are not the correct recipient, you
                are kindly requested to notify the sender immediately,
                to cancel it and not to disclose the contents to any
                other person.




    _______________________________________________

    OpenXPKI-users mailing list

    OpenXPKI-users@lists.sourceforge.net  
<mailto:OpenXPKI-users@lists.sourceforge.net>

    https://lists.sourceforge.net/lists/listinfo/openxpki-users  
<https://lists.sourceforge.net/lists/listinfo/openxpki-users>

--
Protect your environment -  close windows and adopt a penguin!



            RSE SpA ha adottato il Modello Organizzativo ai sensi del
            D.Lgs.231/2001, in forza del quale l'assunzione di
            obbligazioni da parte della Società avviene con firma di
            un procuratore, munito di idonei poteri. RSE adopts a
            Compliance Programme under the Italian Law
            (D.Lgs.231/2001). According to this RSE Compliance
            Programme, any commitment of RSE is taken by the signature
            of one Representative granted by a proper Power of Attorney.

            Le informazioni contenute in questo messaggio di posta
            elettronica sono riservate e confidenziali e ne e' vietata
            la diffusione in qualsiasi modo o forma. Qualora Lei non
            fosse la persona destinataria del presente messaggio, La
            invitiamo a non diffonderlo e ad eliminarlo, dandone
            gentilmente comunicazione al mittente. The information
            included in this e-mail and any attachments are
            confidential and may also be privileged. If you are not
            the correct recipient, you are kindly requested to notify
            the sender immediately, to cancel it and not to disclose
            the contents to any other person.



_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users


--
Protect your environment -  close windows and adopt a penguin!

_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users






















					Reply via email to