setting DNSName in subjectAltName extension
by Mike Helm
I need to set DNSName in server subjectAltName extensions, but
having difficulty getting the server's name into this field.
I've read this:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Certificate_System...
I can set the RFC822name value using this (see table B-15)
$request.requestor_email$
by making sure there's a requestor_email=something in the GET from the
RA. There really isn't anything that corresponds to what DNSName should
be but I expected $request.subject$ would do; I added subject=some.thing.dom,
but no, I get "$request.subject$" as a literal string.
I also tried the obviously wrong example in Example B.1 (before the table) -
policyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.SAN1$
same thing, $request.SAN1$ literal.
I can set subjAltExtPattern_1 to my own literal string, but obviously that's
counterproductive. I can set it to $request.requestor_email$ and get the email
address in DNSName - if I didn't have cases where BOTH subjectAltName fields
were needed I'd just re-purpose requestor_email.
So - what works and how? I'm stumped. Any ideas appreciated. Thanks, ==mwh
12 years, 3 months
Using SPKAC with DogTag Command line API
by Riccardo Brunetti
Dear pki-users.
We would like to use the CMCEnroll and HttpClient commands to send a
certificate request to the CA backend and retrieve the certificate.
We succeeded in doing this using a PKCS10 certificate request, but we
need to do the same using a SPKAC request format (like the one
originally produced by Firefox).
As far as we understood, the RA subsystem is able to somehow convert the
SPKAC into PKCS10, but in our setup the RA subsystem is not used.
Do any of you have any suggestions?
Thank you very much
Cheers
R. Brunetti
--
-------------------
Riccardo Brunetti
INFN - Torino
Tel: +390116707295
Skype: rbrunetti
-------------------
12 years, 4 months
Backup/restore of Dogtag servers when migrating FC15 to FC17
by Jamil Nimeh
Hi all, I was looking at migrating the OS I run the CA, RA and OCSP on
from Fedora 15 servers to Fedora 17. I saw the section in the admin
guide relating to backup/restore (sec 12.10 in the 8.1 guide) and wanted
to know if this approach will work when the restore is happening on a
different target OS than the source OS (i.e. FC17 from a FC15 source).
Has anyone tried it? Any pitfalls I need to be aware of above and
beyond the stuff outlined in the documentation?
Thank you,
Jamil
12 years, 4 months