Re: [Pki-users] setting DNSName in subjectAltName extension
Marc Sauton writes:
> I need to set DNSName in server subjectAltname extensions, but
> having difficulty getting the server's name into this field.
...
> I also tried the obviously wrong example in Example B.1 (before
the table) -
> policyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.SAN1$
> same thing, $request.SAN1$ literal.
something like this should work fine:
policyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl
policyset.encryptionCertSet.8.constraint.name=No Constraint
policyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint
policyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=true
policyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=8
#
policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.encryptionCertSet.8.default.params.subjAltExtType_0=IPAddress
policyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=10.1.2.3
#
policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_1=true
policyset.encryptionCertSet.8.default.params.subjAltExtType_1=RFC822Name
policyset.encryptionCertSet.8.default.params.subjAltExtPattern_1=$request.SAN1$
I tried exactly this (see above). I think it is probably wrong, because they
probably meant something else other than SAN1, like subject, but neither
will work. (Look at the table that follows in the doc, or look at the 8.1 doc
where I believe the example is corrected).
The only variable I've succeeded in getting values passed thru is
"requestor_email".
Why? What am I missing?
These variables arrive thru the GET list from the RA, btw.
#
policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_2=true
policyset.encryptionCertSet.8.default.params.subjAltExtType_2=RFC822Name
policyset.encryptionCertSet.8.default.params.subjAltExtPattern_2=$request.requestor_email$
Thanks, ==mwh