Re: [Pki-users] SAN on Certificate

From: "Rafael Leiva-Ochoa" <spawn(a)rloteck.net&gt; To: pki-users(a)redhat.com Sent: Thursday, January 12, 2017 2:36:36 PM Subject: Re: [Pki-users] SAN on Certificate Any takers? On Tue, Jan 10, 2017 at 4:35 PM Rafael Leiva-Ochoa < spawn(a)rloteck.net > wrote: Hi Everyone, I am sorry for asking this question again, but the last time I asked it, I was confused with the answer. I am trying to create a "certificate profile" that will support 3 to 4 SAN (Subject Alternative Names), since the current profiles do not have support for this by default. I was trying to duplicate the "Manual Server Certificate Enrollment" profile, and adding SAN support. I tried using this as a guild: https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/... and https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/... Names .html This is how the profile looks like: policyset.serverCertSet.9. constraint.class_id= noConstraintImpl policyset.serverCertSet.9.constraint. name =No Constraint policyset.serverCertSet.9. default.class_id= subjectAltNameExtDefaultImpl policyset.serverCertSet.9.default. name = Subject Alternative Name Extension Default policyset.serverCertSet.9. default.params. subjAltExtGNEnable_0=true policyset.serverCertSet.9. default.params. subjAltExtPattern_0= policyset.serverCertSet.9. default.params.subjAltExtType_ 0=DNSName policyset.serverCertSet.9. default.params. subjAltNameExtCritical=false policyset.serverCertSet.9. default.params. subjAltNameNumGNs=1 The CSR looks like this: *Common Name :* node1.example.com * Subject Alternative Names :* test.example.com , test1.example.com , test2.example.com *Organization:* Test Corp *Organization Unit:* IT Department *Locality:* LA *State:* OR *Country:* US I am doing to do this instead of using wildcard certs. Thanks, Rafael _______________________________________________ Pki-users mailing list Pki-users(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-users