Re: [Pki-users] setting DNSName in subjectAltName extension
On 08/14/2012 03:26 PM, Mike Helm wrote:
I need to set DNSName in server subjectAltname extensions, but
having difficulty getting the server's name into this field.
I've read this:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Certificate_System...
I can set the RFC822name value using this (see table B-15)
$request.requestor_email$
by making sure there's a requestor_email=something in the GET from the
RA. There really isn;t anything that corresponds to what DNSName should
be but I expected $request.subject$ would do; I added subject=some.thing.dom,
but no, I get "$request.subject$" as a literal string.
I also tried the obviously wrong example in Example B.1 (before the table) -
policyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.SAN1$
same thing, $request.SAN1$ literal.
I can set subjAltExtPattern_1 to my own literal string, but obviously that's
counterproductive. I can set it to $request.requestor_email$ and get the email
address in DNSName - if I didn't have cases where BOTH subjectAltName fields
were needed I'd just re-purpose requestor_email.
So - what works and how? I'm stumped. Any ideas appreciated. Thanks, ==mwh
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
something like this should work fine:
policyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl
policyset.encryptionCertSet.8.constraint.name=No Constraint
policyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint
policyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=true
policyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=8
#
policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.encryptionCertSet.8.default.params.subjAltExtType_0=IPAddress
policyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=10.1.2.3
#
policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_1=true
policyset.encryptionCertSet.8.default.params.subjAltExtType_1=RFC822Name
policyset.encryptionCertSet.8.default.params.subjAltExtPattern_1=$request.SAN1$
#
policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_2=true
policyset.encryptionCertSet.8.default.params.subjAltExtType_2=RFC822Name
policyset.encryptionCertSet.8.default.params.subjAltExtPattern_2=$request.requestor_email$