Any takers?
On Tue, Jan 10, 2017 at 4:35 PM Rafael Leiva-Ochoa <spawn(a)rloteck.net>
wrote:
Hi Everyone,
I am sorry for asking this question again, but the last time I asked
it, I was confused with the answer. I am trying to create a "certificate
profile" that will support 3 to 4 SAN (Subject Alternative Names), since
the current profiles do not have support for this by default. I was trying
to duplicate the "Manual Server Certificate Enrollment" profile, and adding
SAN support. I tried using this as a guild:
https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/...
and
https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/...
Names.html
This is how the profile looks like:
policyset.serverCertSet.9.constraint.class_id=noConstraintImpl
policyset.serverCertSet.9.constraint.name
<
http://policyset.servercertset.9.constraint.name/>=No Constraint
policyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl
policyset.serverCertSet.9.default.name
<
http://policyset.servercertset.9.default.name/>=Subject Alternative Name
Extension
Default
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true
policyset.serverCertSet.9.default.params.subjAltExtPattern_0=
policyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName
policyset.serverCertSet.9.default.params.subjAltNameExtCritical=false
policyset.serverCertSet.9.default.params.subjAltNameNumGNs=1
The CSR looks like this:
*Common Name:*
node1.example.com
*Subject Alternative Names:*
test.example.com,
test1.example.com,
test2.example.com
*Organization:* Test Corp
*Organization Unit:* IT Department
*Locality:* LA
*State:* OR
*Country:* US
I am doing to do this instead of using wildcard certs.
Thanks,
Rafael