[Pki-users] keygen support in RA
Andrew Wnuk
awnuk at redhat.com
Fri Jun 3 17:50:43 UTC 2011
On 06/02/2011 08:04 PM, Mike Helm wrote:
>
> I'm trying to support keygen-provisioned browsers in the RA.
> I can do almost everything needed, but I can't figure out how
> to get the subject name into the certificate.
>
> I can definitely get the CA to pick up the subject name as
> a parameter, but either I am not giving it the right name in the
> parameter blob, or something else is amiss. What the CA does
> is issue these RA-approved requests with the a subject name the
> same as the CA's.
Michael,
You may try to change policy form "Subject Name Default" to "User
Supplied Subject Name Default" in the profile generating your certificate.
>
> (Non-keygen requests are processed differently and the subject AVAs
> should be embedded in the request. It would be nice to be able
> to have RA agents edit request subject names before submission, tho.)
You need to customize RA's UI to add subject name components not
provided by current UI.
Thank you,
Andrew
>
> Help me understand what to do here.
>
> Thanks, ==mwh
> Michael Helm
> ESnet/LBNL
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
More information about the Pki-users
mailing list