OK:
This is probably your problem:
policyset.serverCertSAN4Set.7.constraint.class_id=noConstraintImpl\
policyset.serverCertSAN4Set.7.constraint.name=No Constraint\
For #7 there, I think you missed a couple of settings from the original. There is
something for default.class_id= blah. Now you don't have one
and the system is complaining. Just have a look
----- Original Message -----
From: "Rafael Leiva-Ochoa" <spawn(a)rloteck.net>
To: "John Magne" <jmagne(a)redhat.com>
Sent: Tuesday, January 17, 2017 3:01:47 PM
Subject: Re: [Pki-users] SAN on Certificate
Yes, Here is the output fro the CS.cfg
profile.caServerCertSAN4.class_id=caEnrollImpl
profile.caServerCertSAN4.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCertSAN4.cfg
and
profile.list=caUserCert,caECUserCert,caUserSMIMEcapCert,caDualCert,caDirBasedDualCert,caECDualCert,AdminCert,caSignedL
ogCert,caTPSCert,caRARouterCert,caRouterCert,caServerCert,caServerCertSAN4,caSubsystemCert,caOtherCert,caCACert,caCros
sSignedCACert,caInstallCACert,caRACert,caOCSPCert,caStorageCert,caTransportCert,caDirPinUserCert,caDirUserCert,caECDir
UserCert,caAgentServerCert,caAgentFileSigning,caCMCUserCert,caFullCMCUserCert,caSimpleCMCUserCert,caTokenDeviceKeyEnro
llment,caTokenUserEncryptionKeyEnrollment,caTokenUserSigningKeyEnrollment,caTempTokenDeviceKeyEnrollment,caTempTokenUs
erEncryptionKeyEnrollment,caTempTokenUserSigningKeyEnrollment,caAdminCert,caInternalAuthServerCert,caInternalAuthTrans
portCert,caInternalAuthDRMstorageCert,caInternalAuthSubsystemCert,caInternalAuthOCSPCert,caInternalAuthAuditSigningCer
t,DomainController,caDualRAuserCert,caRAagentCert,caRAserverCert,caUUIDdeviceCert,caSSLClientSelfRenewal,caDirUserRene
wal,caManualRenewal,caTokenMSLoginEnrollment,caTokenUserSigningKeyRenewal,caTokenUserEncryptionKeyRenewal,caTokenUserA
uthKeyRenewal,caJarSigningCert,caIPAserviceCert,caEncUserCert,caSigningUserCert,caSigningECUserCert,caEncECUserCert,ca
TokenUserDelegateAuthKeyEnrollment,caTokenUserDelegateSigningKeyEnrollment
On Tue, Jan 17, 2017 at 2:58 PM, John Magne <jmagne(a)redhat.com> wrote:
OK:
Did you make sure you put your pofile in the profile.list entry in the
CS.cfg ?
Just trying to rule some things out.
----- Original Message -----
From: "Rafael Leiva-Ochoa" <spawn(a)rloteck.net>
To: "John Magne" <jmagne(a)redhat.com>
Sent: Tuesday, January 17, 2017 2:10:12 PM
Subject: Re: [Pki-users] SAN on Certificate
auth.class_id= is blank by default. This was a direct copy from the
caServerCert.cfg
<
https://git.fedorahosted.org/cgit/pki.git/tree/base/ca/
shared/profiles/ca/caServerCert.cfg>
I
just added the SAN info.
Rafael
On Tue, Jan 17, 2017 at 12:35 PM, John Magne <jmagne(a)redhat.com> wrote:
> Taking a quick look, it appears that you are missing a setting with
> "class_id" in there.
>
> Just a suggestion. Often, for simplicity, when creating a new profile, we
> just copy over an old one and make the changes
> needed to create the new one. This can help to make sure that important
> settings are present.
>
>
>
> ----- Original Message -----
> > From: "Rafael Leiva-Ochoa" <spawn(a)rloteck.net>
> > To: "John Magne" <jmagne(a)redhat.com>
> > Cc: pki-users(a)redhat.com
> > Sent: Monday, January 16, 2017 9:05:59 PM
> > Subject: Re: [Pki-users] SAN on Certificate
> >
> > I just tried creating a new profile, and I got the following error:
> >
> > [16/Jan/2017:20:57:44][localhost-startStop-1]: Start Profile Creation
-
> > caServerCertSAN4 caEnrollImpl
> > com.netscape.cms.profile.common.CAEnrollProfile
> >
> > [16/Jan/2017:20:57:44][localhost-startStop-1]: ProfileSubsystem:
initing
> > com.netscape.cms.profile.common.CAEnrollProfile
> >
> > [16/Jan/2017:20:57:44][localhost-startStop-1]: BasicProfile: start
init
> >
> > [16/Jan/2017:20:57:44][localhost-startStop-1]: WARNING, can't get
> default
> > plugin id!
> >
> > [16/Jan/2017:20:57:44][localhost-startStop-1]:
> > java.lang.NullPointerException
> >
> > java.lang.NullPointerException
> >
> > at
> > com.netscape.cms.profile.common.BasicProfile.createProfilePolicy(
> BasicProfile.java:891)
> >
> > at com.netscape.cms.profile.common.BasicProfile.init(
> BasicProfile.java:347)
> >
> > at
> > com.netscape.cmscore.profile.ProfileSubsystem.createProfile(
> ProfileSubsystem.java:126)
> >
> > at
> > com.netscape.cmscore.profile.ProfileSubsystem.init(
> ProfileSubsystem.java:85)
> >
> > at com.netscape.cmscore.apps.CMSEngine.initSubsystem(
> CMSEngine.java:1169)
> >
> > at com.netscape.cmscore.apps.CMSEngine.initSubsystems(
> CMSEngine.java:1075)
> >
> > at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:581)
> >
> > at com.netscape.certsrv.apps.CMS.init(CMS.java:187)
> >
> > at com.netscape.certsrv.apps.CMS.start(CMS.java:1616)
> >
> > at
> > com.netscape.cms.servlet.base.CMSStartServlet.init(
> CMSStartServlet.java:114)
> >
> > at javax.servlet.GenericServlet.init(GenericServlet.java:158)
> >
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >
> > at
> > sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
> >
> > at
> > sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
> >
> > at java.lang.reflect.Method.invoke(Method.java:498)
> >
> > at org.apache.catalina.security.SecurityUtil$1.run(
> SecurityUtil.java:293)
> >
> > at org.apache.catalina.security.SecurityUtil$1.run(
> SecurityUtil.java:290)
> >
> > at java.security.AccessController.doPrivileged(Native Method)
> >
> > at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >
> > at org.apache.catalina.security.SecurityUtil.execute(
> SecurityUtil.java:325)
> >
> > at
> > org.apache.catalina.security.SecurityUtil.doAsPrivilege(
> SecurityUtil.java:176)
> >
> > at
> > org.apache.catalina.security.SecurityUtil.doAsPrivilege(
> SecurityUtil.java:124)
> >
> > at
> > org.apache.catalina.core.StandardWrapper.initServlet(
> StandardWrapper.java:1215)
> >
> > at
> > org.apache.catalina.core.StandardWrapper.loadServlet(
> StandardWrapper.java:1140)
> >
> > at org.apache.catalina.core.StandardWrapper.load(
> StandardWrapper.java:1027)
> >
> > at
> > org.apache.catalina.core.StandardContext.loadOnStartup(
> StandardContext.java:5038)
> >
> > at
> > org.apache.catalina.core.StandardContext.startInternal(
> StandardContext.java:5348)
> >
> > at org.apache.catalina.util.LifecycleBase.start(
LifecycleBase.java:145)
> >
> > at
> > org.apache.catalina.core.ContainerBase.addChildInternal(
> ContainerBase.java:753)
> >
> > at org.apache.catalina.core.ContainerBase.access$000(
> ContainerBase.java:131)
> >
> > at
> > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(
> ContainerBase.java:153)
> >
> > at
> > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(
> ContainerBase.java:143)
> >
> > at java.security.AccessController.doPrivileged(Native Method)
> >
> > at org.apache.catalina.core.ContainerBase.addChild(
> ContainerBase.java:727)
> >
> > at org.apache.catalina.core.StandardHost.addChild(
StandardHost.java:717)
> >
> > at
> > org.apache.catalina.startup.HostConfig.deployDescriptor(
> HostConfig.java:587)
> >
> > at
> > org.apache.catalina.startup.HostConfig$DeployDescriptor.
> run(HostConfig.java:1798)
> >
> > at java.util.concurrent.Executors$RunnableAdapter.
> call(Executors.java:511)
> >
> > at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> >
> > at
> > java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
> >
> > at
> > java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
> >
> > at java.lang.Thread.run(Thread.java:745)
> >
> > [16/Jan/2017:20:57:44][localhost-startStop-1]: Done Profile Creation -
> > caServerCertSAN4
> >
> >
> > I made sure to add the following lines to the CS.cfg:
> >
> > profile.caServerCertSAN4.class_id=caEnrollImpl
> >
> > profile.caServerCertSAN4.config=/var/lib/pki/pki-
tomcat/ca/profiles/ca/
> caServerCertSAN4.cfg
> >
> > I attached the profile on this email.
> >
> > Any help would be great,
> >
> > Rafael
> >
> > On Fri, Jan 13, 2017 at 11:45 AM, Rafael Leiva-Ochoa <
spawn(a)rloteck.net>
> > wrote:
> >
> > > Thanks John I will give this a try tonight.
> > >
> > >
> > > On Fri, Jan 13, 2017 at 11:43 AM John Magne <jmagne(a)redhat.com>
wrote:
> > >
> > >> OK:
> > >>
> > >>
> > >>
> > >> The reason to ask about GUI, is because this make it easier for us
to
> > >> make sure
> > >>
> > >> the request has the info needed.
> > >>
> > >>
> > >>
> > >> Take a look at this one: /var/lib/pki-ca/profiles/ca/
> DomainController.cfg
> > >>
> > >>
> > >>
> > >> This profile has the default for 2 SANs as in this snippet.
> > >>
> > >>
> > >>
> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.class_id=
> > >> subjectAltNameExtDefaultImpl
> > >>
> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.name=Subject
Alt
> > >> Name Constraint
> > >>
> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.params.
> > >> subjAltNameExtCritical=false
> > >>
> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.
> > >> default.params.subjAltExtType_0=RFC822Name
> > >>
> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.params.
> > >> subjAltExtPattern_0=$request.requestor_email$
> > >>
> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.params.
> > >> subjAltExtGNEnable_0=true
> > >>
> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.
> > >> default.params.subjAltExtType_1=OtherName
> > >>
> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.params.
> > >> subjAltExtPattern_1=(IA5String)1.2.3.4,$server.source$
> > >>
> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.params.
> > >> subjAltExtGNEnable_1=true
> > >>
> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.params.
> > >> subjAltExtSource_1=UUID4
> > >>
> > >> caUUIDdeviceCert.cfg:policyset.userCertSet.8.default.params.
> > >> subjAltNameNumGNs=2
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> Note the NumGNs is set to 2. It also uses parameters from the GUI to
> > >> populate the values.
> > >>
> > >>
> > >>
> > >> If you have more non standard inputs you want to put in your
profile,
> I
> > >> believe there is a user defined
> > >>
> > >> input that can be used. This way you can give it any id you want and
> the
> > >> profile can be told to get that
> > >>
> > >> particular value to put in place.
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> ----- Original Message -----
> > >>
> > >> > From: "Rafael Leiva-Ochoa" <spawn(a)rloteck.net>
> > >>
> > >> > To: "John Magne" <jmagne(a)redhat.com>
> > >>
> > >> > Cc: pki-users(a)redhat.com
> > >>
> > >> > Sent: Friday, January 13, 2017 10:39:54 AM
> > >>
> > >> > Subject: Re: [Pki-users] SAN on Certificate
> > >>
> > >> >
> > >>
> > >> > It's a GUI.
> > >>
> > >> >
> > >>
> > >> > Does it matter? Would it make a difference if I use OpenSSL to
> > >> generate
> > >>
> > >> > the CSR ?
> > >>
> > >> > On Fri, Jan 13, 2017 at 10:38 AM John Magne
<jmagne(a)redhat.com>
> wrote:
> > >>
> > >> >
> > >>
> > >> > > Yes, that is the idea.
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > > If the code is able to pull info out of the request with
those
> id's,
> > >> as in
> > >>
> > >> > > the profile snippet,
> > >>
> > >> > >
> > >>
> > >> > > it will put them in the cert.
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > > Might you let us know what kind of csr you are using? Is it
> something
> > >>
> > >> > > external, or are you using the gui?
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > > ----- Original Message -----
> > >>
> > >> > >
> > >>
> > >> > > From: "Rafael Leiva-Ochoa"
<spawn(a)rloteck.net>
> > >>
> > >> > >
> > >>
> > >> > > To: "John Magne" <jmagne(a)redhat.com>
> > >>
> > >> > >
> > >>
> > >> > > Cc: pki-users(a)redhat.com
> > >>
> > >> > >
> > >>
> > >> > > Sent: Thursday, January 12, 2017 4:57:58 PM
> > >>
> > >> > >
> > >>
> > >> > > Subject: Re: [Pki-users] SAN on Certificate
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > > On the CSR there are SAN input fields...would it get them
from
> there
> > >> using
> > >>
> > >> > >
> > >>
> > >> > > the settings you stated below?
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > > On Thu, Jan 12, 2017 at 4:53 PM John Magne
<jmagne(a)redhat.com>
> wrote:
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> > > > Hi:
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > Not to sound like a broken record and say the same
thing
again,
> but
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > I looked at this link you printed:
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
https://access.redhat.com/documentation/en-US/Red_Hat_
> > >> Certificate_System/8.1/html/Admin_Guide/Certificate_and_
> > >> CRL_Extensions.html#Subject_Alternative_Name_Extension_Default
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > Note in there for the custom profile it has this
setting:
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
policyset.serverCertSet.9.default.params.subjAltNameNumGNs=4
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > Then for each "index" it has some different
settings that
> determine
> > >> how
> > >>
> > >> > >
> > >>
> > >> > > > the info is gathered for that particular SAN, like
this:
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > policyset.serverCertSet.9.default.params.
> subjAltExtGNEnable_0=true
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > > policyset.serverCertSet.9.default.params.
> > >> subjAltExtPattern_0=$request.requester_email$
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > and
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > policyset.serverCertSet.9.default.params.
> subjAltExtGNEnable_1=true
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > > policyset.serverCertSet.9.default.params.
> > >> subjAltExtPattern_1=$request.SAN1$
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > Off the top of my head, I"m not sure where
it's getting those
> > >> "values"
> > >>
> > >> > >
> > >>
> > >> > > > from. I'd have to go try it myself.
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > But to start with you might want to just configure
your
profile
> in
> > >> this
> > >>
> > >> > >
> > >>
> > >> > > > kind of way, and then we can figure out
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > any problems with where the data is coming from.
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > It may take a quick look at the code to see what is
going on
> there.
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > thanks,
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > jack
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > As a first test, if you are not providing the proper
data for
> say 2
> > >> or 3
> > >>
> > >> > >
> > >>
> > >> > > > sans, I suspect that the final output may show that you
tried
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > to set 3 sans but the data is null or something,
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > thanks,
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > jack
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > ----- Original Message -----
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > From: "Rafael Leiva-Ochoa"
<spawn(a)rloteck.net>
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > To: "John Magne"
<jmagne(a)redhat.com>
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > Cc: pki-users(a)redhat.com
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > Sent: Thursday, January 12, 2017 3:38:11 PM
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > Subject: Re: [Pki-users] SAN on Certificate
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > Here is the last one I got...
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > "The patterns are defined,
"hard-coded", as part of the
> profile
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > configuration. Therefore the number of SANs for
any given
> profile
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > is fixed (if you are using the
SubjectAltNameExtDefault
> class).
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > Each pattern gets formatted using information
available in
the
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > request. See the documentation linked below for a
table of
> the
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > variables you can include in these patterns.
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > I cannot see a way to propagate arbitrary domain
names,
other
> than
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > the CN (which is available as the $
> request.req_subject_name.cn$
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > variable), into SAN names, via
SubjectAltNameExtDefault."
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > You also responded with the links I have on this
email.
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > The original email subject on the list was:
"SAN Feild in
the
> MSCE
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > profile". I think you told me last time you
were too busy
to
> > >> help.
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > Thanks,
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > R
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > On Thu, Jan 12, 2017 at 3:25 PM John Magne <
jmagne(a)redhat.com
> >
> > >> wrote:
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > Yeah sure, it just forward it to the list.
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > ----- Original Message -----
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > From: "Rafael Leiva-Ochoa"
<spawn(a)rloteck.net>
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > To: "John Magne"
<jmagne(a)redhat.com>
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > Cc: pki-users(a)redhat.com
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > Sent: Thursday, January 12, 2017 3:08:50 PM
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > Subject: Re: [Pki-users] SAN on Certificate
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > I can send you the email that I got from the
list? Will
> this be
> > >>
> > >> > > good?
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > Thanks,
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > R
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > On Thu, Jan 12, 2017 at 3:05 PM John Magne
<
> jmagne(a)redhat.com>
> > >>
> > >> > > wrote:
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > Hi:
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > Is there any way you can reproduce the
confusing answer
> you
> > >> got,
> > >>
> > >> > >
> > >>
> > >> > > > which
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > may
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > give us a head start?
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > ----- Original Message -----
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > From: "Rafael
Leiva-Ochoa" <spawn(a)rloteck.net>
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > To: pki-users(a)redhat.com
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > Sent: Thursday, January 12, 2017
2:36:36 PM
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > Subject: Re: [Pki-users] SAN on
Certificate
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > Any takers?
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > On Tue, Jan 10, 2017 at 4:35 PM
Rafael Leiva-Ochoa <
> > >>
> > >> > >
> > >>
> > >> > > > spawn(a)rloteck.net
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > wrote:
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > Hi Everyone,
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > I am sorry for asking this question
again, but the
last
> > >> time I
> > >>
> > >> > >
> > >>
> > >> > > > asked
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > it,
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > I
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > was confused with the answer. I am
trying to create a
> > >>
> > >> > > "certificate
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > profile"
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > that will support 3 to 4 SAN
(Subject Alternative
> Names),
> > >> since
> > >>
> > >> > > the
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > current
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > profiles do not have support for
this by default. I
was
> > >> trying to
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > duplicate
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > the "Manual Server Certificate
Enrollment" profile,
and
> > >> adding
> > >>
> > >> > > SAN
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > support.
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > I tried using this as a guild:
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
https://access.redhat.com/documentation/en-US/Red_Hat_
> > >> Certificate_System/8.1/html/Admin_Guide/Certificate_and_
> > >> CRL_Extensions.html#Subject_Alternative_Name_Extension_Default
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > and
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
https://access.redhat.com/documentation/en-US/Red_Hat_
> > >> Certificate_System/8.1/html/Admin_Guide/Managing_Subject_
> > >> Names_and_Subject_Alternative_
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > Names .html
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > This is how the profile looks
like:
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > policyset.serverCertSet.9.
constraint.class_id=
> > >> noConstraintImpl
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
policyset.serverCertSet.9.constraint. name =No
> Constraint
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > policyset.serverCertSet.9.
default.class_id=
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > subjectAltNameExtDefaultImpl
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > policyset.serverCertSet.9.default.
name = Subject
> > >> Alternative
> > >>
> > >> > > Name
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > Extension
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > Default
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > policyset.serverCertSet.9.
default.params.
> > >>
> > >> > >
> > >>
> > >> > > > subjAltExtGNEnable_0=true
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > policyset.serverCertSet.9.
default.params.
> > >> subjAltExtPattern_0=
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > policyset.serverCertSet.9.
> default.params.subjAltExtType_
> > >>
> > >> > > 0=DNSName
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > policyset.serverCertSet.9.
default.params.
> > >>
> > >> > >
> > >>
> > >> > > > subjAltNameExtCritical=false
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > policyset.serverCertSet.9.
default.params.
> > >> subjAltNameNumGNs=1
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > The CSR looks like this:
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > *Common Name :*
node1.example.com
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > * Subject Alternative Names :*
test.example.com ,
> > >>
> > >> > >
> > >>
> > >> > > >
test1.example.com ,
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
test2.example.com
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > *Organization:* Test Corp
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > *Organization Unit:* IT Department
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > *Locality:* LA
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > *State:* OR
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > *Country:* US
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > I am doing to do this instead of
using wildcard certs.
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > Thanks,
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > Rafael
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
_______________________________________________
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > Pki-users mailing list
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > > Pki-users(a)redhat.com
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > > >
https://www.redhat.com/mailman/listinfo/pki-users
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > > >
> > >>
> > >> > >
> > >>
> > >> > >
> > >>
> > >> >
> > >>
> > >>
> >
>