[Pki-users] SAN Feild in the MSCE profile
John Magne
jmagne at redhat.com
Sat Nov 7 01:41:19 UTC 2015
If you could possibly give us the "debug" log, the failure could possibly be isolated more easily.
----- Original Message -----
From: "Rafael Leiva-Ochoa" <spawn at rloteck.net>
To: "John Magne" <jmagne at redhat.com>
Cc: pki-users at redhat.com
Sent: Friday, November 6, 2015 5:29:40 PM
Subject: Re: SAN Feild in the MSCE profile
Still not working:
This is what I put on the new profile
policyset.serverCertSet.9.constraint.class_id=noConstraintImpl
policyset.serverCertSet.9.constraint.name=No Constraint
policyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl
policyset.serverCertSet.9.default.name=Subject Alternative Name Extension
Default
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true
policyset.serverCertSet.9.default.params.subjAltExtPattern_0=
policyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName
policyset.serverCertSet.9.default.params.subjAltNameExtCritical=false
policyset.serverCertSet.9.default.params.subjAltNameNumGNs=1
The CSR looks like this:
*Common Name:* node1.example.com
*Subject Alternative Names:* test.example.com, test1.example.com,
test2.example.com
*Organization:* Test Corp
*Organization Unit:* IT Department
*Locality:* LA
*State:* OR
*Country:* US
On Thu, Nov 5, 2015 at 4:40 PM, Rafael Leiva-Ochoa <spawn at rloteck.net>
wrote:
> Thx, I will give that a try.
>
>
> On Thursday, November 5, 2015, John Magne <jmagne at redhat.com> wrote:
>
>> You should be able to do this:
>>
>> First for info on profiles and how to make new ones start here:
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Certificate_Profiles.html#about-certificate-profiles
>>
>>
>>
>> If you look in this directory:
>>
>> /var/lib/pki/pki-tomcat/ca/profiles/ca
>>
>> This is where the raw profile files are. Looking through these should
>> provide an example of somebody using the subject alt name extension.
>> Whatever happening there can be created in a new profile.
>>
>>
>> ----- Original Message -----
>> From: "Rafael Leiva-Ochoa" <spawn at rloteck.net>
>> To: pki-users at redhat.com
>> Sent: Thursday, November 5, 2015 12:52:38 PM
>> Subject: [Pki-users] SAN Feild in the MSCE profile
>>
>> Hi Pki-Users,
>>
>> I am trying to create a cert using a CSR that has more then one CN using
>> the Manuel Server Certificate Enrollment (MSCE) profile, but it seem that
>> it does not support a SAN Feild by default. Can I create a custom profile
>> that duplicates the MSCE profile, but adds the SAN Feild? Is so, what is
>> the process for doing that?
>>
>> Thanks,
>>
>> Rafael
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>>
>
More information about the Pki-users
mailing list