Re: [Pki-users] SAN on Certificate
Yeah sure, it just forward it to the list.
----- Original Message -----
From: "Rafael Leiva-Ochoa" <spawn(a)rloteck.net>
To: "John Magne" <jmagne(a)redhat.com>
Cc: pki-users(a)redhat.com
Sent: Thursday, January 12, 2017 3:08:50 PM
Subject: Re: [Pki-users] SAN on Certificate
I can send you the email that I got from the list? Will this be good?
Thanks,
R
On Thu, Jan 12, 2017 at 3:05 PM John Magne <jmagne(a)redhat.com> wrote:
Hi:
Is there any way you can reproduce the confusing answer you got, which may
give us a head start?
----- Original Message -----
> From: "Rafael Leiva-Ochoa" <spawn(a)rloteck.net>
> To: pki-users(a)redhat.com
> Sent: Thursday, January 12, 2017 2:36:36 PM
> Subject: Re: [Pki-users] SAN on Certificate
>
> Any takers?
> On Tue, Jan 10, 2017 at 4:35 PM Rafael Leiva-Ochoa < spawn(a)rloteck.net >
> wrote:
>
>
>
> Hi Everyone,
>
> I am sorry for asking this question again, but the last time I asked it,
I
> was confused with the answer. I am trying to create a "certificate
profile"
> that will support 3 to 4 SAN (Subject Alternative Names), since the
current
> profiles do not have support for this by default. I was trying to
duplicate
> the "Manual Server Certificate Enrollment" profile, and adding SAN
support.
> I tried using this as a guild:
>
>
https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/...
>
> and
>
>
https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/...
> Names .html
>
> This is how the profile looks like:
>
> policyset.serverCertSet.9. constraint.class_id= noConstraintImpl
> policyset.serverCertSet.9.constraint. name =No Constraint
> policyset.serverCertSet.9. default.class_id= subjectAltNameExtDefaultImpl
> policyset.serverCertSet.9.default. name = Subject Alternative Name
Extension
> Default
> policyset.serverCertSet.9. default.params. subjAltExtGNEnable_0=true
> policyset.serverCertSet.9. default.params. subjAltExtPattern_0=
> policyset.serverCertSet.9. default.params.subjAltExtType_ 0=DNSName
> policyset.serverCertSet.9. default.params. subjAltNameExtCritical=false
> policyset.serverCertSet.9. default.params. subjAltNameNumGNs=1
>
> The CSR looks like this:
>
> *Common Name :* node1.example.com
> * Subject Alternative Names :* test.example.com , test1.example.com ,
> test2.example.com
> *Organization:* Test Corp
> *Organization Unit:* IT Department
> *Locality:* LA
> *State:* OR
> *Country:* US
>
> I am doing to do this instead of using wildcard certs.
>
> Thanks,
>
> Rafael
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users