[Pki-users] SAN on Certificate

Rafael Leiva-Ochoa spawn at rloteck.net
Thu Jan 12 22:36:36 UTC 2017


Any takers?
On Tue, Jan 10, 2017 at 4:35 PM Rafael Leiva-Ochoa <spawn at rloteck.net>
wrote:

> Hi Everyone,
>
>     I am sorry for asking this question again, but the last time I asked
> it, I was confused with the answer. I am trying to create a "certificate
> profile" that will support 3 to 4 SAN (Subject Alternative Names), since
> the current profiles do not have support for this by default. I was trying
> to duplicate the "Manual Server Certificate Enrollment" profile and add
> SAN support. I tried using this as a guide:
>
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Certificate_and_CRL_Extensions.html#Subject_Alternative_Name_Extension_Default
>
> and
>
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Managing_Subject_Names_and_Subject_Alternative_Names.html
>
> This is what the profile looks like:
>
> policyset.serverCertSet.9.constraint.class_id=noConstraintImpl
> policyset.serverCertSet.9.constraint.name=No Constraint
> policyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl
> policyset.serverCertSet.9.default.name=Subject Alternative Name Extension Default
> policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true
> policyset.serverCertSet.9.default.params.subjAltExtPattern_0=
> policyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName
> policyset.serverCertSet.9.default.params.subjAltNameExtCritical=false
> policyset.serverCertSet.9.default.params.subjAltNameNumGNs=1
>
> The CSR looks like this:
>
> *Common Name:* node1.example.com
> *Subject Alternative Names:* test.example.com, test1.example.com,
> test2.example.com
> *Organization:* Test Corp
> *Organization Unit:* IT Department
> *Locality:* LA
> *State:* OR
> *Country:* US
>
> I am going to do this instead of using wildcard certs.
>
> Thanks,
>
> Rafael
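A consistency check over the profile keys quoted in the message, added here as an example; it is not part of the original post and is not Dogtag or Red Hat code. It assumes that every SAN to be issued needs its own indexed `subjAltExt*_N` slot that is enabled and has a non-empty pattern; `parse_profile` and `lint_san_profile` are hypothetical names.

```python
import re

# Profile lines as quoted in the message (mail-client link debris removed).
PROFILE = """\
policyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true
policyset.serverCertSet.9.default.params.subjAltExtPattern_0=
policyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName
policyset.serverCertSet.9.default.params.subjAltNameExtCritical=false
policyset.serverCertSet.9.default.params.subjAltNameNumGNs=1
"""
# SANs listed for the CSR in the message.
CSR_SANS = ["test.example.com", "test1.example.com", "test2.example.com"]

SLOT = re.compile(r"\.params\.subjAltExt(GNEnable|Pattern|Type)_(\d+)$")

def parse_profile(text):
    """Return (declared slot count, {index: {field: value}})."""
    num_gns, slots = 0, {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key.endswith(".params.subjAltNameNumGNs"):
            num_gns = int(value)
        m = SLOT.search(key)
        if m:
            slots.setdefault(int(m.group(2)), {})[m.group(1)] = value
    return num_gns, slots

def lint_san_profile(text, wanted_sans):
    """List mismatches between the profile's SAN slots and the SANs wanted."""
    num_gns, slots = parse_profile(text)
    findings = []
    if num_gns < len(wanted_sans):
        findings.append(f"subjAltNameNumGNs={num_gns} but {len(wanted_sans)} SANs requested")
    # Assumption: one enabled slot with a non-empty pattern per SAN.
    for i in range(max(num_gns, len(wanted_sans))):
        slot = slots.get(i)
        if slot is None:
            findings.append(f"slot {i}: no subjAltExt*_{i} keys")
        elif slot.get("GNEnable", "").lower() != "true":
            findings.append(f"slot {i}: not enabled")
        elif not slot.get("Pattern"):
            findings.append(f"slot {i}: subjAltExtPattern_{i} is empty")
    return findings

if __name__ == "__main__":
    for finding in lint_san_profile(PROFILE, CSR_SANS):
        print(finding)
```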