[Pki-users] Assistance with creating and submitting a Windows LDAPS Certificate; PKI 10.3.3
Richard Harmonson
richard.harmonson at gmail.com
Wed Oct 18 14:41:12 UTC 2017
>
> >
>> > [Extensions]
>> > 2.5.29.17 = "dns=ad.winauth.mydomain.net&"
>> > _continue_ = "dn=CN=AD,OU=Domain Controllers,DC=winauth,DC=mydo
>> main,DC=net&"
>> > _continue_ = "ipaddress=192.168.1.1&"
>> >
>>
>
>
I got it! Essentially, I didn't follow the instructions. Note the missing
"{text}" above! I thought the author was giving an example so excluded it.
After a night's sleep, I checked my erroneous assumption.
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=ad.winauth.mydomain.net&"
_continue_ = "dn=CN=AD,OU=Domain
Controllers,DC=winauth,DC=maydomain,DC=net&"
_continue_ = "ipaddress=192.168.1.1&"
Thank you for your help Fraser.
> I reviewed the suggested log, thank you, which clearly showed DogTag
> complaining about something being provided in the CSR. I couldn't interpret
> exactly what was the problem but I removed the one thing I had never done
> before, the [Extensions] stanza with the SAN.
>
> I successfully submitted!
>
> What is the correct method to provide a 'Subject Alternative Name" in a
> CSR to DogTag? Or am I going about this all wrong? I was intending to
> provide FQDN, IP address, and DN in the SAN.
>
> Thank you,
>
> Richard
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20171018/9f6b1017/attachment.htm>
More information about the Pki-users
mailing list