I can send you the email that I got from the list? Will this be good?

Thanks,

R
On Thu, Jan 12, 2017 at 3:05 PM John Magne <jmagne@redhat.com> wrote:
Hi:

Is there any way you can reproduce the confusing answer you got, which may give us a head start?

----- Original Message -----

> From: "Rafael Leiva-Ochoa" <spawn@rloteck.net>

> To: pki-users@redhat.com

> Sent: Thursday, January 12, 2017 2:36:36 PM

> Subject: Re: [Pki-users] SAN on Certificate

>

> Any takers?

> On Tue, Jan 10, 2017 at 4:35 PM Rafael Leiva-Ochoa <spawn@rloteck.net> wrote:

>

> Hi Everyone,

>

> I am sorry for asking this question again, but the last time I asked it, I

> was confused with the answer. I am trying to create a "certificate profile"

> that will support 3 to 4 SAN (Subject Alternative Names), since the current

> profiles do not have support for this by default. I was trying to duplicate

> the "Manual Server Certificate Enrollment" profile, and adding SAN support.

> I tried using this as a guide:

>

> https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Certificate_and_CRL_Extensions.html#Subject_Alternative_Name_Extension_Default

>

> and

>

> https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Managing_Subject_Names_and_Subject_Alternative_Names.html

>

> This is what the profile looks like:

>

> policyset.serverCertSet.9.constraint.class_id=noConstraintImpl
> policyset.serverCertSet.9.constraint.name=No Constraint
> policyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl
> policyset.serverCertSet.9.default.name=Subject Alternative Name Extension Default
> policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true
> policyset.serverCertSet.9.default.params.subjAltExtPattern_0=
> policyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName
> policyset.serverCertSet.9.default.params.subjAltNameExtCritical=false
> policyset.serverCertSet.9.default.params.subjAltNameNumGNs=1

>

> The CSR looks like this:

>

> *Common Name:* node1.example.com

> *Subject Alternative Names:* test.example.com, test1.example.com, test2.example.com

> *Organization:* Test Corp

> *Organization Unit:* IT Department

> *Locality:* LA

> *State:* OR

> *Country:* US

>

> I am going to do this instead of using wildcard certs.

>

> Thanks,

>

> Rafael