[Pki-users] SAN on Certificate

Rafael Leiva-Ochoa spawn at rloteck.net
Wed Jan 11 00:35:36 UTC 2017


Hi Everyone,

    I am sorry for asking this question again, but the last time I asked
it, I was confused with the answer. I am trying to create a "certificate
profile" that will support 3 to 4 SANs (Subject Alternative Names), since
the current profiles do not have support for this by default. I was trying
to duplicate the "Manual Server Certificate Enrollment" profile and add
SAN support. I tried using this as a guide:

https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Certificate_and_CRL_Extensions.html#Subject_Alternative_Name_Extension_Default

and

https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Managing_Subject_Names_and_Subject_Alternative_Names.html

This is what the profile looks like:

policyset.serverCertSet.9.constraint.class_id=noConstraintImpl
policyset.serverCertSet.9.constraint.name=No Constraint
policyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl
policyset.serverCertSet.9.default.name=Subject Alternative Name Extension Default
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true
policyset.serverCertSet.9.default.params.subjAltExtPattern_0=
policyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName
policyset.serverCertSet.9.default.params.subjAltNameExtCritical=false
policyset.serverCertSet.9.default.params.subjAltNameNumGNs=1

The CSR looks like this:

*Common Name:* node1.example.com
*Subject Alternative Names:* test.example.com, test1.example.com,
test2.example.com
*Organization:* Test Corp
*Organization Unit:* IT Department
*Locality:* LA
*State:* OR
*Country:* US

I am going to do this instead of using wildcard certs.

Thanks,

Rafael