policyset.serverCertSet.9.constraint.class_id=noConstraintImpl
policyset.serverCertSet.9.constraint.name=No Constraint
policyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl
policyset.serverCertSet.9.default.name=Subject Alternative Name Extension Default
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true
policyset.serverCertSet.9.default.params.subjAltExtPattern_0=
policyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName
policyset.serverCertSet.9.default.params.subjAltNameExtCritical=false
policyset.serverCertSet.9.default.params.subjAltNameNumGNs=1
The CSR looks like this:
Common Name: node1.example.com
Subject Alternative Names: test.example.com, test1.example.com, test2.example.com
Organization: Test Corp
Organization Unit: IT Department
Locality: LA
State: OR
Country: US
Thx, I will give that a try.
On Thursday, November 5, 2015, John Magne <jmagne@redhat.com> wrote:You should be able to do this:
First for info on profiles and how to make new ones start here:
https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Certificate_Profiles.html#about-certificate-profiles
If you look in this directory:
/var/lib/pki/pki-tomcat/ca/profiles/ca
This is where the raw profile files are. Looking through these should provide an example of somebody using the subject alt name extension.
Whatever happening there can be created in a new profile.
----- Original Message -----
From: "Rafael Leiva-Ochoa" <spawn@rloteck.net>
To: pki-users@redhat.com
Sent: Thursday, November 5, 2015 12:52:38 PM
Subject: [Pki-users] SAN Feild in the MSCE profile
Hi Pki-Users,
I am trying to create a cert using a CSR that has more then one CN using the Manuel Server Certificate Enrollment (MSCE) profile, but it seem that it does not support a SAN Feild by default. Can I create a custom profile that duplicates the MSCE profile, but adds the SAN Feild? Is so, what is the process for doing that?
Thanks,
Rafael
_______________________________________________
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users