I can not believe that I am in a unique position.
I needed a PKI setup for a development environment that develops Highly
Available services. Production environment uses commercial certificates, with
multiple DNSName type SubjectAltName fields.
On first sight and test DogTag looked like it would do everything I want,
so I have a box with Fedora 20 and Dogtag installed.
Installed Packages
dogtag-pki.noarch 10.1.1-1.fc20
dogtag-pki-console-theme.noarch 10.1.1-1.fc20
dogtag-pki-server-theme.noarch 10.1.1-1.fc20
pki-base.noarch 10.1.1-1.fc20
pki-ca.noarch 10.1.1-1.fc20
pki-console.noarch 10.1.1-1.fc20
pki-javadoc.noarch 10.1.1-1.fc20
pki-kra.noarch 10.1.1-1.fc20
pki-ocsp.noarch 10.1.1-1.fc20
pki-ra.noarch 10.1.1-1.fc20
pki-server.noarch 10.1.1-1.fc20
pki-symkey.x86_64 10.1.1-1.fc20
pki-tks.noarch 10.1.1-1.fc20
pki-tools.x86_64 10.1.1-1.fc20
pki-tps.x86_64 10.1.1-1.fc20
I also have a deployment script that generates a certificate request with the
required alternate DNS names. In the current case 7 servers with 4 alternate
names each.
I then discovered that while it gives no errors or warnings the
policy /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCert.cfg silently
ignores subjectaltName from the request.
Following various sets of notes found online, I have a hacked version
caServerCertAlt.cfg along with changes to /etc/pki/pki-tomcat/ca/registry.cfg
and /etc/pki/pki-tomcat/ca/CS.cfg; this provides a box to enter the alternate
names while approving the certificate request. To that extent it works,
however it does not initialise the form with the values from the request.
Instead they get initialised to "DNSName: $request.SAN1$"
Most of the online notes seem to be linking back to Example B1 in the
Red_Hat_Certificate_System 8.0 Admin Guide
https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/...
Searching this list returned a message from August 2012
https://www.redhat.com/archives/pki-users/2012-August/msg00006.html
which suggests that the manual is wrong, or at least wrong for DogTag.
Can anyone help with a working example, or point me to a page with the correct
information?
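Added example, not code from the post, the list or the Dogtag project: a shell check for exactly the failure described above, a CA issuing a server certificate with the DNSName SANs from the CSR silently dropped, done by diffing the names in the request against those in the issued certificate. It assumes openssl 1.1.1+ on the PATH; the throwaway CA, hostnames and signing steps are constructed to reproduce the symptom, not Dogtag's own profile code.

```shell
#!/bin/sh
# Detect a CA that silently drops the requested subjectAltName: diff the DNS
# names in the CSR against those in the issued certificate. Needs openssl 1.1.1+
# (for -addext). Hostnames and the throwaway CA below are constructed sample data.
set -e

# Print the DNSName SAN entries of a PEM CSR ($1=req) or cert ($1=x509), sorted one per line.
san_dns_names() {
  openssl "$1" -in "$2" -noout -text 2>/dev/null \
    | awk '/Subject Alternative Name/ { getline; print }' \
    | tr ',' '\n' \
    | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' \
    | sort
}

# Return 0 when every DNS name requested in CSR $1 is in cert $2; otherwise list
# the missing names on stderr and return 1 (the profile ignored the request's SAN).
check_san_preserved() {
  tmp=$(mktemp -d)
  san_dns_names req "$1" > "$tmp/want"
  san_dns_names x509 "$2" > "$tmp/have"
  missing=$(comm -23 "$tmp/want" "$tmp/have")
  rm -rf "$tmp"
  [ -z "$missing" ] || { printf 'requested but absent from %s:\n%s\n' "$2" "$missing" >&2; return 1; }
}

# Build into $1: a throwaway CA, a CSR with four alternate names (as the post's
# deployment script does), and two issued certs: dropped.crt signed with the
# request extensions ignored (the stock caServerCert behaviour described in the
# post) and kept.crt with the CSR's own names carried over via an extfile.
make_demo_pki() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=srv1.example.test" \
    -addext "subjectAltName=DNS:srv1.example.test,DNS:app.example.test,DNS:api.example.test,DNS:admin.example.test" \
    -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\n' > "$dir/noext.cnf"
  openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -days 1 -extfile "$dir/noext.cnf" -out "$dir/dropped.crt" 2>/dev/null
  san_dns_names req "$dir/srv.csr" | awk '{ printf "%sDNS:%s", (NR > 1 ? "," : ""), $0 } END { print "" }' \
    | sed 's/^/subjectAltName=/' > "$dir/san.cnf"
  openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -days 1 -extfile "$dir/san.cnf" -out "$dir/kept.crt" 2>/dev/null
}

# Usage: sh san_check.sh request.csr issued.crt
if [ "$#" -eq 2 ]; then
  check_san_preserved "$1" "$2" && echo "all requested DNS names present in $2"
fi
```

Run it against the CSR your deployment script submits and the certificate the CA hands back; a non-empty "requested but absent" list is the silent drop the stock profile produces.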