[Pki-users] SubjectAltName - how?

Ian Koenig iguy at ionsphere.org
Mon Nov 14 18:17:35 UTC 2016


Hi all,

I have Dogtag 10.3.3 installed from COPR @pki effort onto a CentOS 7.2
(build 1511) system.

I can request and approve various different certs through the system
successfully and have it working properly with SSL client certificates in
Chrome.

What I haven't been able to figure out is how to generate a server SSL Cert
that has SubjectAltName entries in it.   An example cnf file I have tried
is

[...]
[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = demo.myhome.com
DNS.2 = demo
DNS.3 = demo.prod.myhome.com

[...]

This generates a valid CSR with the SubjectAltNames in it. However, when I
send it through to be approved on Dogtag, the SAN gets removed. How do I
set up a profile in Dogtag to allow this CSR with SAN to get approved?

Thanks
ian
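
The symptom described above (SAN present in the CSR, absent from the issued certificate) can be checked mechanically; the script below is an added example, not part of the original post and not Dogtag code. Assumptions: the `[ req ]` and `[ dn ]` sections are constructed because the post elides them, the function names are hypothetical, and a plain `openssl x509 -req` self-signing step stands in for a CA that ignores request extensions.

```shell
#!/bin/sh
# Added example: find SAN entries that a CSR asked for but the issued cert lacks.
export LC_ALL=C   # keep sort and comm in the same collation order

write_conf() {  # $1 = output path; [ req ] and [ dn ] are constructed
  cat > "$1" <<'EOF'
[ req ]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[ dn ]
CN = demo.myhome.com
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = demo.myhome.com
DNS.2 = demo
DNS.3 = demo.prod.myhome.com
EOF
}

sans_of() {  # $1 = req | x509, $2 = PEM file; prints sorted DNS SANs
  openssl "$1" -in "$2" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' | sed -n 's/^ *DNS://p' | sort
}

dropped_sans() {  # $1 = CSR, $2 = issued certificate
  want=$(mktemp); got=$(mktemp)
  sans_of req "$1" > "$want"
  sans_of x509 "$2" > "$got"
  comm -23 "$want" "$got"      # names only in the CSR
  rm -f "$want" "$got"
}

demo() {
  d=$(mktemp -d)
  write_conf "$d/san.cnf"
  openssl req -new -newkey rsa:2048 -nodes -config "$d/san.cnf" \
    -keyout "$d/key.pem" -out "$d/req.pem" 2>/dev/null
  # Stand-in for a CA that ignores request extensions (not Dogtag itself):
  # x509 -req does not copy CSR extensions unless told to.
  openssl x509 -req -in "$d/req.pem" -signkey "$d/key.pem" -days 1 \
    -out "$d/crt.pem" 2>/dev/null
  dropped_sans "$d/req.pem" "$d/crt.pem"
  rm -rf "$d"
}

demo
```

Run `dropped_sans` against a real CSR and the certificate the CA returned; empty output means every requested DNS name was issued.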