[Pki-users] SAN on Certificate
Rafael Leiva-Ochoa
spawn at rloteck.net
Thu Jan 12 23:08:50 UTC 2017
I can send you the email that I got from the list? Will this be good?
Thanks,
R
On Thu, Jan 12, 2017 at 3:05 PM John Magne <jmagne at redhat.com> wrote:
> Hi:
>
>
>
> Is there any way you can reproduce the confusing answer you got, which may
> give us a head start?
>
>
>
>
>
>
>
>
>
>
>
> ----- Original Message -----
>
> > From: "Rafael Leiva-Ochoa" <spawn at rloteck.net>
>
> > To: pki-users at redhat.com
>
> > Sent: Thursday, January 12, 2017 2:36:36 PM
>
> > Subject: Re: [Pki-users] SAN on Certificate
>
> >
>
> > Any takers?
>
> > On Tue, Jan 10, 2017 at 4:35 PM Rafael Leiva-Ochoa < spawn at rloteck.net >
>
> > wrote:
>
> >
>
> >
>
> >
>
> > Hi Everyone,
>
> >
>
> > I am sorry for asking this question again, but the last time I asked it,
> I
>
> > was confused with the answer. I am trying to create a "certificate
> profile"
>
> > that will support 3 to 4 SAN (Subject Alternative Names), since the
> current
>
> > profiles do not have support for this by default. I was trying to
> duplicate
>
> > the "Manual Server Certificate Enrollment" profile, and adding SAN
> support.
>
> > I tried using this as a guild:
>
> >
>
> >
> https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Certificate_and_CRL_Extensions.html#Subject_Alternative_Name_Extension_Default
>
> >
>
> > and
>
> >
>
> >
> https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Managing_Subject_Names_and_Subject_Alternative_
>
> > Names .html
>
> >
>
> > This is how the profile looks like:
>
> >
>
> > policyset.serverCertSet.9. constraint.class_id= noConstraintImpl
>
> > policyset.serverCertSet.9.constraint. name =No Constraint
>
> > policyset.serverCertSet.9. default.class_id= subjectAltNameExtDefaultImpl
>
> > policyset.serverCertSet.9.default. name = Subject Alternative Name
> Extension
>
> > Default
>
> > policyset.serverCertSet.9. default.params. subjAltExtGNEnable_0=true
>
> > policyset.serverCertSet.9. default.params. subjAltExtPattern_0=
>
> > policyset.serverCertSet.9. default.params.subjAltExtType_ 0=DNSName
>
> > policyset.serverCertSet.9. default.params. subjAltNameExtCritical=false
>
> > policyset.serverCertSet.9. default.params. subjAltNameNumGNs=1
>
> >
>
> > The CSR looks like this:
>
> >
>
> > *Common Name :* node1.example.com
>
> > * Subject Alternative Names :* test.example.com , test1.example.com ,
>
> > test2.example.com
>
> > *Organization:* Test Corp
>
> > *Organization Unit:* IT Department
>
> > *Locality:* LA
>
> > *State:* OR
>
> > *Country:* US
>
> >
>
> > I am doing to do this instead of using wildcard certs.
>
> >
>
> > Thanks,
>
> >
>
> > Rafael
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> > _______________________________________________
>
> > Pki-users mailing list
>
> > Pki-users at redhat.com
>
> > https://www.redhat.com/mailman/listinfo/pki-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20170112/5802e435/attachment.htm>
More information about the Pki-users
mailing list