<div>Any takers?<br><div class="gmail_quote"><div>On Tue, Jan 10, 2017 at 4:35 PM Rafael Leiva-Ochoa &lt;<a href="mailto:spawn@rloteck.net">spawn@rloteck.net</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="gmail_msg">Hi Everyone,
<div class="gmail_msg"><br class="gmail_msg"></div>
<div class="gmail_msg">I am sorry for asking this question again, but the last time I asked it, I was confused by the answer. I am trying to create a "certificate profile" that will support 3 to 4 SANs (Subject Alternative Names), since the current profiles do not have support for this by default. I was trying to duplicate the "Manual Server Certificate Enrollment" profile and add SAN support. I tried using this as a guide:</div>
<div class="gmail_msg"><br class="gmail_msg"></div>
<div class="gmail_msg"><a href="https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Certificate_and_CRL_Extensions.html#Subject_Alternative_Name_Extension_Default" rel="noreferrer" class="gmail_msg" target="_blank">https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Certificate_and_CRL_Extensions.html#Subject_Alternative_Name_Extension_Default</a><br class="gmail_msg"></div>
<div class="gmail_msg"><br class="gmail_msg"></div>
<div class="gmail_msg">and</div>
<div class="gmail_msg"><br class="gmail_msg"></div>
<div class="gmail_msg"><a href="https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Managing_Subject_Names_and_Subject_Alternative_Names.html" rel="noreferrer" class="gmail_msg" target="_blank">https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Managing_Subject_Names_and_Subject_Alternative_Names.html</a><br class="gmail_msg"></div>
<div class="gmail_msg"><br class="gmail_msg"></div>
<div class="gmail_msg">This is what the profile looks like:</div>
<div class="gmail_msg"><br class="gmail_msg"></div>
<div class="gmail_msg">policyset.serverCertSet.9.constraint.class_id=noConstraintImpl<br class="gmail_msg">
policyset.serverCertSet.9.constraint.name=No Constraint<br class="gmail_msg">
policyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl<br class="gmail_msg">
policyset.serverCertSet.9.default.name=Subject Alternative Name Extension Default<br class="gmail_msg">
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true<br class="gmail_msg">
policyset.serverCertSet.9.default.params.subjAltExtPattern_0=<br class="gmail_msg">
policyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName<br class="gmail_msg">
policyset.serverCertSet.9.default.params.subjAltNameExtCritical=false<br class="gmail_msg">
policyset.serverCertSet.9.default.params.subjAltNameNumGNs=1<br class="gmail_msg"></div>
<div class="gmail_msg"><br class="gmail_msg"></div>
<div class="gmail_msg">The CSR looks like this:</div>
<div class="gmail_msg"><br class="gmail_msg">
*Common Name:* node1.example.com<br class="gmail_msg">
*Subject Alternative Names:* test.example.com, test1.example.com, test2.example.com<br class="gmail_msg">
*Organization:* Test Corp<br class="gmail_msg">
*Organization Unit:* IT Department<br class="gmail_msg">
*Locality:* LA<br class="gmail_msg">
*State:* OR<br class="gmail_msg">
*Country:* US<br class="gmail_msg"></div>
<div class="gmail_msg"><br class="gmail_msg"></div>
<div class="gmail_msg">I am going to do this instead of using wildcard certs.</div>
<div class="gmail_msg"><br class="gmail_msg"></div>
<div class="gmail_msg">Thanks,</div>
<div class="gmail_msg"><br class="gmail_msg"></div>
<div class="gmail_msg">Rafael</div>
</div></blockquote></div></div>
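<div>An added example, not part of the original message or of the Certificate System code: a small consistency check of the quoted policy set against the names listed for the CSR. It assumes each name occupies its own indexed slot (subjAltExtGNEnable_N, subjAltExtPattern_N, subjAltExtType_N) and that subjAltNameNumGNs counts those slots, as the parameter names in the post suggest; the function names are hypothetical.</div>

```python
import re

# Constructed input: policy set 9 parameters copied from the post above.
PROFILE = """\
policyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true
policyset.serverCertSet.9.default.params.subjAltExtPattern_0=
policyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName
policyset.serverCertSet.9.default.params.subjAltNameNumGNs=1
"""
CSR_SANS = ["test.example.com", "test1.example.com", "test2.example.com"]
SLOT_KEY = re.compile(r"^subjAltExt(GNEnable|Pattern|Type)_(\d+)$")

def parse_params(text, prefix):
    """Return {short_name: value} for key=value lines whose key starts with prefix."""
    params = {}
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition("=")
        if sep and key.startswith(prefix):
            params[key[len(prefix):]] = value.strip()
    return params

def lint_san_policy(text, requested_sans, policy="policyset.serverCertSet.9"):
    """List mismatches between the SAN slots in a profile and the names requested."""
    params = parse_params(text, policy + ".default.params.")
    slots = {}  # slot index -> {"GNEnable": ..., "Pattern": ..., "Type": ...}
    for name, value in params.items():
        m = SLOT_KEY.match(name)
        if m:
            slots.setdefault(int(m.group(2)), {})[m.group(1)] = value
    raw = params.get("subjAltNameNumGNs", "")
    num = int(raw) if raw.isdigit() else 0
    findings = []
    if num < len(requested_sans):
        findings.append(f"subjAltNameNumGNs={num} but the CSR lists {len(requested_sans)} names")
    for i in range(num):  # every declared slot needs all three parameters set
        slot = slots.get(i, {})
        if slot.get("GNEnable", "").lower() != "true":
            findings.append(f"slot {i}: subjAltExtGNEnable_{i} is not true")
        if not slot.get("Pattern"):
            findings.append(f"slot {i}: subjAltExtPattern_{i} is empty")
        if not slot.get("Type"):
            findings.append(f"slot {i}: subjAltExtType_{i} is missing")
    findings += [f"slot {i}: defined but index >= subjAltNameNumGNs={num}"
                 for i in sorted(slots) if i >= num]
    return findings

if __name__ == "__main__":
    for finding in lint_san_policy(PROFILE, CSR_SANS):
        print(finding)
```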