Taking a quick look, it appears that you are missing a setting with "class_id" in there.
Just a suggestion. Often, for simplicity, when creating a new profile, we just copy over an old one and make the changes needed to create the new one. This can help to make sure that important settings are present. ----- Original Message ----- > From: "Rafael Leiva-Ochoa" <[email protected]> > To: "John Magne" <[email protected]> > Cc: [email protected] > Sent: Monday, January 16, 2017 9:05:59 PM > Subject: Re: [Pki-users] SAN on Certificate > > I just tried creating a new profile, and I got the following error: > > [16/Jan/2017:20:57:44][localhost-startStop-1]: Start Profile Creation - > caServerCertSAN4 caEnrollImpl > com.netscape.cms.profile.common.CAEnrollProfile > > [16/Jan/2017:20:57:44][localhost-startStop-1]: ProfileSubsystem: initing > com.netscape.cms.profile.common.CAEnrollProfile > > [16/Jan/2017:20:57:44][localhost-startStop-1]: BasicProfile: start init > > [16/Jan/2017:20:57:44][localhost-startStop-1]: WARNING, can't get default > plugin id! > > [16/Jan/2017:20:57:44][localhost-startStop-1]: > java.lang.NullPointerException > > java.lang.NullPointerException > > at > com.netscape.cms.profile.common.BasicProfile.createProfilePolicy(BasicProfile.java:891) > > at com.netscape.cms.profile.common.BasicProfile.init(BasicProfile.java:347) > > at > com.netscape.cmscore.profile.ProfileSubsystem.createProfile(ProfileSubsystem.java:126) > > at > com.netscape.cmscore.profile.ProfileSubsystem.init(ProfileSubsystem.java:85) > > at com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1169) > > at com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1075) > > at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:581) > > at com.netscape.certsrv.apps.CMS.init(CMS.java:187) > > at com.netscape.certsrv.apps.CMS.start(CMS.java:1616) > > at > com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114) > > at javax.servlet.GenericServlet.init(GenericServlet.java:158) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:498) > > at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:293) > > at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:290) > > at java.security.AccessController.doPrivileged(Native Method) > > at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) > > at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:325) > > at > org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:176) > > at > org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124) > > at > org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1215) > > at > org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1140) > > at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1027) > > at > org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5038) > > at > org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5348) > > at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) > > at > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:753) > > at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:131) > > at > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:153) > > at > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143) > > at java.security.AccessController.doPrivileged(Native Method) > > at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:727) > > at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717) > > at > org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:587) > > at > org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1798) > > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > > at java.lang.Thread.run(Thread.java:745) > > [16/Jan/2017:20:57:44][localhost-startStop-1]: Done Profile Creation - > caServerCertSAN4 > > > I made sure to add the following lines to the CS.cfg: > > profile.caServerCertSAN4.class_id=caEnrollImpl > > profile.caServerCertSAN4.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCertSAN4.cfg > > I attached the profile on this email. > > Any help would be great, > > Rafael > > On Fri, Jan 13, 2017 at 11:45 AM, Rafael Leiva-Ochoa <[email protected]> > wrote: > > > Thanks John I will give this a try tonight. > > > > > > On Fri, Jan 13, 2017 at 11:43 AM John Magne <[email protected]> wrote: > > > >> OK: > >> > >> > >> > >> The reason to ask about GUI, is because this make it easier for us to > >> make sure > >> > >> the request has the info needed. > >> > >> > >> > >> Take a look at this one: /var/lib/pki-ca/profiles/ca/DomainController.cfg > >> > >> > >> > >> This profile has the default for 2 SANs as in this snippet. > >> > >> > >> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.class_id= > >> subjectAltNameExtDefaultImpl > >> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.name=Subject Alt > >> Name Constraint > >> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.params. > >> subjAltNameExtCritical=false > >> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8. > >> default.params.subjAltExtType_0=RFC822Name > >> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.params. > >> subjAltExtPattern_0=$request.requestor_email$ > >> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.params. > >> subjAltExtGNEnable_0=true > >> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8. > >> default.params.subjAltExtType_1=OtherName > >> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.params. > >> subjAltExtPattern_1=(IA5String)1.2.3.4,$server.source$ > >> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.params. > >> subjAltExtGNEnable_1=true > >> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.params. > >> subjAltExtSource_1=UUID4 > >> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.params. > >> subjAltNameNumGNs=2 > >> > >> > >> > >> > >> > >> Note the NumGNs is set to 2. It also uses parameters from the GUI to > >> populate the values. > >> > >> > >> > >> If you have more non standard inputs you want to put in your profile, I > >> believe there is a user defined > >> > >> input that can be used. This way you can give it any id you want and the > >> profile can be told to get that > >> > >> particular value to put in place. > >> > >> > >> > >> > >> > >> > >> > >> ----- Original Message ----- > >> > >> > From: "Rafael Leiva-Ochoa" <[email protected]> > >> > >> > To: "John Magne" <[email protected]> > >> > >> > Cc: [email protected] > >> > >> > Sent: Friday, January 13, 2017 10:39:54 AM > >> > >> > Subject: Re: [Pki-users] SAN on Certificate > >> > >> > > >> > >> > It's a GUI. > >> > >> > > >> > >> > Does it matter? Would it make a difference if I use OpenSSL to > >> generate > >> > >> > the CSR ? > >> > >> > On Fri, Jan 13, 2017 at 10:38 AM John Magne <[email protected]> wrote: > >> > >> > > >> > >> > > Yes, that is the idea. > >> > >> > > > >> > >> > > > >> > >> > > > >> > >> > > If the code is able to pull info out of the request with those id's, > >> as in > >> > >> > > the profile snippet, > >> > >> > > > >> > >> > > it will put them in the cert. > >> > >> > > > >> > >> > > > >> > >> > > > >> > >> > > > >> > >> > > > >> > >> > > Might you let us know what kind of csr you are using? Is it something > >> > >> > > external, or are you using the gui? > >> > >> > > > >> > >> > > > >> > >> > > > >> > >> > > > >> > >> > > > >> > >> > > > >> > >> > > > >> > >> > > ----- Original Message ----- > >> > >> > > > >> > >> > > From: "Rafael Leiva-Ochoa" <[email protected]> > >> > >> > > > >> > >> > > To: "John Magne" <[email protected]> > >> > >> > > > >> > >> > > Cc: [email protected] > >> > >> > > > >> > >> > > Sent: Thursday, January 12, 2017 4:57:58 PM > >> > >> > > > >> > >> > > Subject: Re: [Pki-users] SAN on Certificate > >> > >> > > > >> > >> > > > >> > >> > > > >> > >> > > On the CSR there are SAN input fields...would it get them from there > >> using > >> > >> > > > >> > >> > > the settings you stated below? > >> > >> > > > >> > >> > > > >> > >> > > > >> > >> > > On Thu, Jan 12, 2017 at 4:53 PM John Magne <[email protected]> wrote: > >> > >> > > > >> > >> > > > >> > >> > > > >> > >> > > > Hi: > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > Not to sound like a broken record and say the same thing again, but > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > I looked at this link you printed: > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > https://access.redhat.com/documentation/en-US/Red_Hat_ > >> Certificate_System/8.1/html/Admin_Guide/Certificate_and_ > >> CRL_Extensions.html#Subject_Alternative_Name_Extension_Default > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > Note in there for the custom profile it has this setting: > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > policyset.serverCertSet.9.default.params.subjAltNameNumGNs=4 > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > Then for each "index" it has some different settings that determine > >> how > >> > >> > > > >> > >> > > > the info is gathered for that particular SAN, like this: > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > policyset.serverCertSet.9.default.params. > >> subjAltExtPattern_0=$request.requester_email$ > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > and > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > policyset.serverCertSet.9.default.params.subjAltExtGNEnable_1=true > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > policyset.serverCertSet.9.default.params. > >> subjAltExtPattern_1=$request.SAN1$ > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > Off the top of my head, I"m not sure where it's getting those > >> "values" > >> > >> > > > >> > >> > > > from. I'd have to go try it myself. > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > But to start with you might want to just configure your profile in > >> this > >> > >> > > > >> > >> > > > kind of way, and then we can figure out > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > any problems with where the data is coming from. > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > It may take a quick look at the code to see what is going on there. > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > thanks, > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > jack > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > As a first test, if you are not providing the proper data for say 2 > >> or 3 > >> > >> > > > >> > >> > > > sans, I suspect that the final output may show that you tried > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > to set 3 sans but the data is null or something, > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > thanks, > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > jack > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > ----- Original Message ----- > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > From: "Rafael Leiva-Ochoa" <[email protected]> > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > To: "John Magne" <[email protected]> > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > Cc: [email protected] > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > Sent: Thursday, January 12, 2017 3:38:11 PM > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > Subject: Re: [Pki-users] SAN on Certificate > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > Here is the last one I got... > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > "The patterns are defined, "hard-coded", as part of the profile > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > configuration. Therefore the number of SANs for any given profile > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > is fixed (if you are using the SubjectAltNameExtDefault class). > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > Each pattern gets formatted using information available in the > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > request. See the documentation linked below for a table of the > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > variables you can include in these patterns. > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > I cannot see a way to propagate arbitrary domain names, other than > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > the CN (which is available as the $request.req_subject_name.cn$ > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > variable), into SAN names, via SubjectAltNameExtDefault." > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > You also responded with the links I have on this email. > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > The original email subject on the list was: "SAN Feild in the MSCE > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > profile". I think you told me last time you were too busy to > >> help. > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > Thanks, > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > R > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > On Thu, Jan 12, 2017 at 3:25 PM John Magne <[email protected]> > >> wrote: > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > Yeah sure, it just forward it to the list. > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > ----- Original Message ----- > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > From: "Rafael Leiva-Ochoa" <[email protected]> > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > To: "John Magne" <[email protected]> > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > Cc: [email protected] > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > Sent: Thursday, January 12, 2017 3:08:50 PM > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > Subject: Re: [Pki-users] SAN on Certificate > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > I can send you the email that I got from the list? Will this be > >> > >> > > good? > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > Thanks, > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > R > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > On Thu, Jan 12, 2017 at 3:05 PM John Magne <[email protected]> > >> > >> > > wrote: > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > Hi: > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > Is there any way you can reproduce the confusing answer you > >> got, > >> > >> > > > >> > >> > > > which > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > may > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > give us a head start? > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > ----- Original Message ----- > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > From: "Rafael Leiva-Ochoa" <[email protected]> > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > To: [email protected] > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > Sent: Thursday, January 12, 2017 2:36:36 PM > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > Subject: Re: [Pki-users] SAN on Certificate > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > Any takers? > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > On Tue, Jan 10, 2017 at 4:35 PM Rafael Leiva-Ochoa < > >> > >> > > > >> > >> > > > [email protected] > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > wrote: > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > Hi Everyone, > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > I am sorry for asking this question again, but the last > >> time I > >> > >> > > > >> > >> > > > asked > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > it, > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > I > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > was confused with the answer. I am trying to create a > >> > >> > > "certificate > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > profile" > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > that will support 3 to 4 SAN (Subject Alternative Names), > >> since > >> > >> > > the > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > current > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > profiles do not have support for this by default. I was > >> trying to > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > duplicate > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > the "Manual Server Certificate Enrollment" profile, and > >> adding > >> > >> > > SAN > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > support. > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > I tried using this as a guild: > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > https://access.redhat.com/documentation/en-US/Red_Hat_ > >> Certificate_System/8.1/html/Admin_Guide/Certificate_and_ > >> CRL_Extensions.html#Subject_Alternative_Name_Extension_Default > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > and > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > https://access.redhat.com/documentation/en-US/Red_Hat_ > >> Certificate_System/8.1/html/Admin_Guide/Managing_Subject_ > >> Names_and_Subject_Alternative_ > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > Names .html > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > This is how the profile looks like: > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > policyset.serverCertSet.9. constraint.class_id= > >> noConstraintImpl > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > policyset.serverCertSet.9.constraint. name =No Constraint > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > policyset.serverCertSet.9. default.class_id= > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > subjectAltNameExtDefaultImpl > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > policyset.serverCertSet.9.default. name = Subject > >> Alternative > >> > >> > > Name > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > Extension > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > Default > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > policyset.serverCertSet.9. default.params. > >> > >> > > > >> > >> > > > subjAltExtGNEnable_0=true > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > policyset.serverCertSet.9. default.params. > >> subjAltExtPattern_0= > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > policyset.serverCertSet.9. default.params.subjAltExtType_ > >> > >> > > 0=DNSName > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > policyset.serverCertSet.9. default.params. > >> > >> > > > >> > >> > > > subjAltNameExtCritical=false > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > policyset.serverCertSet.9. default.params. > >> subjAltNameNumGNs=1 > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > The CSR looks like this: > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > *Common Name :* node1.example.com > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > * Subject Alternative Names :* test.example.com , > >> > >> > > > >> > >> > > > test1.example.com , > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > test2.example.com > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > *Organization:* Test Corp > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > *Organization Unit:* IT Department > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > *Locality:* LA > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > *State:* OR > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > *Country:* US > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > I am doing to do this instead of using wildcard certs. > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > Thanks, > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > Rafael > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > _______________________________________________ > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > Pki-users mailing list > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > [email protected] > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > https://www.redhat.com/mailman/listinfo/pki-users > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > > >> > >> > > > >> > >> > > > >> > >> > > >> > >> > _______________________________________________ Pki-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-users
