Hi all,
I have Dogtag 10.3.3 installed from COPR @pki effort onto a CentOS 7.2 (build 1511) system.
I can request and approve various different certs through the system successfully and have it working properly with SSL client certificates in Chrome.
What I haven't been able to figure out is how to generate a server SSL Cert that has SubjectAltName entries in it. An example cnf file I have tried is
[...]
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[ alt_names ]
DNS.2 = demo
[...]
This generates a valid CSR with the SubjectAltNames in it. However when I send it through to be approved on Dogtag, the SAN gets removed. How do I setup a profile in Dogtag to allow this CSR with SAN get approved?
Thanks
ian