Any takers?

On Tue, Jan 10, 2017 at 4:35 PM Rafael Leiva-Ochoa <[email protected]> wrote:
> Hi Everyone,
>
> I am sorry for asking this question again, but the last time I asked
> it, I was confused by the answer. I am trying to create a "certificate
> profile" that will support 3 to 4 SAN (Subject Alternative Names), since
> the current profiles do not have support for this by default. I was trying
> to duplicate the "Manual Server Certificate Enrollment" profile, and adding
> SAN support. I tried using this as a guide:
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Certificate_and_CRL_Extensions.html#Subject_Alternative_Name_Extension_Default
>
> and
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Managing_Subject_Names_and_Subject_Alternative_Names.html
>
> This is what the profile looks like:
>
> policyset.serverCertSet.9.constraint.class_id=noConstraintImpl
> policyset.serverCertSet.9.constraint.name=No Constraint
> policyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl
> policyset.serverCertSet.9.default.name=Subject Alternative Name Extension Default
> policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true
> policyset.serverCertSet.9.default.params.subjAltExtPattern_0=
> policyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName
> policyset.serverCertSet.9.default.params.subjAltNameExtCritical=false
> policyset.serverCertSet.9.default.params.subjAltNameNumGNs=1
>
> The CSR looks like this:
>
> *Common Name:* node1.example.com
> *Subject Alternative Names:* test.example.com, test1.example.com,
> test2.example.com
> *Organization:* Test Corp
> *Organization Unit:* IT Department
> *Locality:* LA
> *State:* OR
> *Country:* US
>
> I am going to do this instead of using wildcard certs.
>
> Thanks,
>
> Rafael
