Yeah sure, just forward it to the list.

----- Original Message -----
From: "Rafael Leiva-Ochoa" <[email protected]>
To: "John Magne" <[email protected]>
Cc: [email protected]
Sent: Thursday, January 12, 2017 3:08:50 PM
Subject: Re: [Pki-users] SAN on Certificate

I can send you the email that I got from the list? Will this be good?

Thanks,

R

On Thu, Jan 12, 2017 at 3:05 PM John Magne <[email protected]> wrote:

> Hi:
>
> Is there any way you can reproduce the confusing answer you got, which may
> give us a head start?
>
> ----- Original Message -----
> From: "Rafael Leiva-Ochoa" <[email protected]>
> To: [email protected]
> Sent: Thursday, January 12, 2017 2:36:36 PM
> Subject: Re: [Pki-users] SAN on Certificate
>
> Any takers?
>
> On Tue, Jan 10, 2017 at 4:35 PM Rafael Leiva-Ochoa <[email protected]> wrote:
>
> > Hi Everyone,
> >
> > I am sorry for asking this question again, but the last time I asked it, I
> > was confused with the answer. I am trying to create a "certificate profile"
> > that will support 3 to 4 SAN (Subject Alternative Names), since the current
> > profiles do not have support for this by default. I was trying to duplicate
> > the "Manual Server Certificate Enrollment" profile, and adding SAN support.
> > I tried using this as a guide:
> >
> > https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Certificate_and_CRL_Extensions.html#Subject_Alternative_Name_Extension_Default
> >
> > and
> >
> > https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Managing_Subject_Names_and_Subject_Alternative_Names.html
> >
> > This is what the profile looks like:
> >
> > policyset.serverCertSet.9.constraint.class_id=noConstraintImpl
> > policyset.serverCertSet.9.constraint.name=No Constraint
> > policyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl
> > policyset.serverCertSet.9.default.name=Subject Alternative Name Extension Default
> > policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true
> > policyset.serverCertSet.9.default.params.subjAltExtPattern_0=
> > policyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName
> > policyset.serverCertSet.9.default.params.subjAltNameExtCritical=false
> > policyset.serverCertSet.9.default.params.subjAltNameNumGNs=1
> >
> > The CSR looks like this:
> >
> > Common Name: node1.example.com
> > Subject Alternative Names: test.example.com, test1.example.com,
> > test2.example.com
> > Organization: Test Corp
> > Organization Unit: IT Department
> > Locality: LA
> > State: OR
> > Country: US
> >
> > I am going to do this instead of using wildcard certs.
> >
> > Thanks,
> >
> > Rafael
>
> _______________________________________________
> Pki-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/pki-users
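
An added example, not part of the thread and not Dogtag or Red Hat code: a small Python check that reads the profile parameters quoted in the first message and compares the general-name slots they define with the SANs listed for the CSR. It assumes each enabled slot with a type and a non-empty pattern supplies one name; `parse_properties`, `lint_san_policy` and the finding texts are hypothetical names.

```python
# Constructed copy of the first message's profile parameters and CSR SANs.
PROFILE = """\
policyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true
policyset.serverCertSet.9.default.params.subjAltExtPattern_0=
policyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName
policyset.serverCertSet.9.default.params.subjAltNameExtCritical=false
policyset.serverCertSet.9.default.params.subjAltNameNumGNs=1
"""
CSR_SANS = ["test.example.com", "test1.example.com", "test2.example.com"]
SAN_IMPL = "subjectAltNameExtDefaultImpl"


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.partition("=") for l in lines if l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, _, v in pairs}


def lint_san_policy(props, wanted_sans):
    """Return findings for each subjectAltNameExtDefaultImpl policy in props."""
    findings = []
    for key, value in props.items():
        if not key.endswith(".default.class_id") or value != SAN_IMPL:
            continue
        base = key[: -len("class_id")] + "params."
        raw = props.get(base + "subjAltNameNumGNs", "")
        if not raw.isdigit():
            findings.append(f"{base}subjAltNameNumGNs missing or not a number")
            continue
        usable = 0
        for i in range(int(raw)):
            if props.get(f"{base}subjAltExtGNEnable_{i}", "").lower() != "true":
                findings.append(f"slot {i}: subjAltExtGNEnable_{i} is not true")
            elif not props.get(f"{base}subjAltExtType_{i}"):
                findings.append(f"slot {i}: subjAltExtType_{i} is empty")
            elif not props.get(f"{base}subjAltExtPattern_{i}"):
                findings.append(f"slot {i}: subjAltExtPattern_{i} is empty")
            else:
                usable += 1
        # Assumption: one usable slot supplies one name in the issued extension.
        if usable < len(wanted_sans):
            findings.append(f"{usable} usable slot(s) for {len(wanted_sans)} requested SAN(s)")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_san_policy(parse_properties(PROFILE), CSR_SANS)))
```
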
