[Pki-users] SAN for Launch page.
Marc Sauton
msauton at redhat.com
Thu Mar 29 19:57:11 UTC 2018
Try to add to the pkispawn config file, for example:
pki_san_inject=True
pki_san_for_server_cert=ca01.example.com,ca02.example.com,ca.example.com
Note for the "non-internal" certificates, there is a way to modify
enrollment profiles to add a SAN, but a recent updated feature is described
in the page at
http://www.dogtagpki.org/wiki/PKI_10.4_Copy_CN_To_SAN
Thanks,
M.
On Thu, Mar 29, 2018 at 11:42 AM, Rafael Leiva-Ochoa <spawn at rloteck.net>
wrote:
> Hi Everyone,
>
> I am trying to build a new CA, and I am using the ca.cfg file to
> create the CA, but when I create the CA, the SAN is missing from the
> website cert (:8443). I am trying to look for the right value to put on the
> ca.cfg file for the SAN, so the the launch page does not give me SAN
> errors. Here is what I found, but nothing relating to the SAN:
>
> [CA]
> pki_admin_email=caadmin at example.com
> pki_admin_name=caadmin
> pki_admin_nickname=caadmin
> pki_admin_password=Secret.123
> pki_admin_uid=caadmin
>
> pki_client_database_password=Secret.123
> pki_client_database_purge=False
> pki_client_pkcs12_password=Secret.123
>
> pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
> pki_ds_database=ca
> pki_ds_password=Secret.123
>
> pki_security_domain_name=EXAMPLE
>
> Any ideas?
>
> Rafael
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20180329/a495cac7/attachment.htm>
More information about the Pki-users
mailing list