Try to add to the pkispawn config file, for example:

pki_san_inject=True

pki_san_for_server_cert=ca01.example.com,ca02.example.com,ca.example.com

Note for the "non-internal" certificates, there is a way to modify enrollment profiles to add a SAN, but a recent updated feature is described in the page at

http://www.dogtagpki.org/wiki/PKI_10.4_Copy_CN_To_SAN

Thanks,

M.

On Thu, Mar 29, 2018 at 11:42 AM, Rafael Leiva-Ochoa <spawn@rloteck.net> wrote:

Hi Everyone,

I am trying to build a new CA, and I am using the ca.cfg file to create the CA, but when I create the CA, the SAN is missing from the website cert (:8443). I am trying to look for the right value to put on the ca.cfg file for the SAN, so the the launch page does not give me SAN errors. Here is what I found, but nothing relating to the SAN:
[CA]
pki_admin_email=caadmin@example.com
pki_admin_name=caadmin
pki_admin_nickname=caadmin
pki_admin_password=Secret.123
pki_admin_uid=caadmin

pki_client_database_password=Secret.123
pki_client_database_purge=False
pki_client_pkcs12_password=Secret.123

pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
pki_ds_database=ca
pki_ds_password=Secret.123

pki_security_domain_name=EXAMPLE
Any ideas?
Rafael
_______________________________________________
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users