Hi Everyone,

I am sorry for asking this question again, but the last time I asked it, I was confused with the answer. I am trying to create a "certificate profile" that will support 3 to 4 SAN (Subject Alternative Names), since the current profiles do not have support for this by default. I was trying to duplicate the "Manual Server Certificate Enrollment" profile, and adding SAN support. I tried using this as a guild:

https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Certificate_and_CRL_Extensions.html#Subject_Alternative_Name_Extension_Default

and

https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Managing_Subject_Names_and_Subject_Alternative_Names.html

This is how the profile looks like:

policyset.serverCertSet.9.constraint.class_id=noConstraintImpl
policyset.serverCertSet.9.constraint.name=No Constraint
policyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl
policyset.serverCertSet.9.default.name=Subject Alternative Name Extension
Default
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true
policyset.serverCertSet.9.default.params.subjAltExtPattern_0=
policyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName
policyset.serverCertSet.9.default.params.subjAltNameExtCritical=false
policyset.serverCertSet.9.default.params.subjAltNameNumGNs=1

The CSR looks like this:

*Common Name:* node1.example.com
*Subject Alternative Names:* test.example.com, test1.example.com,
test2.example.com
*Organization:* Test Corp
*Organization Unit:* IT Department
*Locality:* LA
*State:* OR
*Country:* US

I am doing to do this instead of using wildcard certs.

Thanks,

Rafael