[Pki-users] setting DNSName in subjectAltName extension

[Mike Helm]

Mike Helm writes:
> Marc Sauton writes:
> > > I need to set DNSName in server subjectAltname extensions, but
> > > having difficulty getting the server's name into this field.
> 
> > something like this should work fine:
> > policyset.encryptionCertSet.8.default.params.subjAltExtPattern_1=$request.SAN1$
> 
> I tried exactly this (see above).  I think it is probably wrong, because they

We solved this by finding out how to define a variable that can be used for
filtering.  How exactly this was found out I don't know - my colleague (cc'd)
discovered it & mentioned it to me.  this process might be described in the
admin book somewhere, but I missed it.

Here's an extract from a profile .cfg file:

input.i3.name=Generic Input
input.i3.params.gi_display_name0=HostName 1
 ...
input.i3.params.gi_param_enable0=true
 ...
input.i3.params.gi_param_name0=csrDNSName1
 ...
input.i3.params.gi_param_name1=csrDNSName2
input.i3.params.gi_param_name2=csrDNSName3
 ...
input.params.gi_display_name0=HostName 1
 ...
input.params.gi_param_enable0=true
 ...
input.params.gi_param_name0=csrDNSName1
 ...
policyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.requestor_email$
policyset.serverCertSet.9.default.params.subjAltExtPattern_0=$request.csrDNSName1$
 ...
policyset.serverCertSet.9.default.params.subjAltExtType_1=RFC822Name
policyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName
 ...