[Pki-devel] [PATCH]pki-cfu-0047-Ticket-1316-Allow-adding-SAN-to-server-cert-during-t.patch

Christina Fu cfu at redhat.com
Tue Apr 21 00:00:47 UTC 2015


Now with the attachment.

On 04/20/2015 02:24 PM, Christina Fu wrote:
> This patch allows SAN to be specified for the server cert during 
> installation.
> It ports some of the code from the now-obsolete 8.1 errata that dealt with 
> IP port separation, and adds the needed pkispawn config parameters and 
> an example enrollment profile with SAN patterns.
>
> Note: the installation part of the SAN injection code ported was 
> originally authored by mharmsen, while the backend SAN input code 
> (authored by myself) was already ported earlier for other purposes.
>
> Usage:
> * under /usr/share/pki/ca/conf, you will find a new file called 
> serverCert.profile.exampleWithSANpattern
> * copy existing serverCert.profile away and replace with 
> serverCert.profile.exampleWithSANpattern
> * edit serverCert.profile.exampleWithSANpattern
>   - follow the instruction right above 8.default.
>   - save and quit
> * cd /usr/share/pki/ca/profiles/ca , edit caInternalAuthServerCert.cfg
>   - follow the instruction right above policyset.serverCertSet.9
>   - save and quit
> * save away and edit the ca config file for pkispawn (note: you can 
> add multiple SANs delimited by ',' for pki_san_server_cert):
>   - add the following lines, e.g.
>     pki_san_inject=True
>     pki_san_server_cert=host1.Example.com
>   - do the same pkispawn cfg changes for kra or any other instances 
> that you plan on creating
> * create your instance(s)
>   check the ssl server cert, it should contain something like the 
> following:
>
>                 Identifier: Subject Alternative Name - 2.5.29.17
>                     Critical: no
>                     Value:
>                         DNSName: host1.Example.com
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-cfu-0047-Ticket-1316-Allow-adding-SAN-to-server-cert-during-t.patch
Type: text/x-patch
Size: 23693 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20150420/f1662447/attachment.bin>
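
A check for the last step of the procedure quoted above, added here as an example and not part of the original message or the patch: it reads the two pkispawn parameters, parses a certificate pretty-print in the layout shown, and reports configured SANs that the certificate lacks. The `[CA]` section name, the function names and both sample inputs are assumptions constructed for illustration.

```python
import configparser
import re

# Constructed sample pkispawn config; the [CA] section name is an assumption.
SAMPLE_CFG = """\
[CA]
pki_san_inject=True
pki_san_server_cert=host1.Example.com,host2.example.com
"""

# Constructed certificate pretty-print, in the layout quoted in the message.
SAMPLE_CERT_TEXT = """\
                Identifier: Subject Alternative Name - 2.5.29.17
                    Critical: no
                    Value:
                        DNSName: host1.Example.com
"""

HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)*"
                      r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

def configured_sans(cfg_text, section="CA"):
    """Return lower-cased SANs requested in the config, or [] if injection is off."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    if not cp.getboolean(section, "pki_san_inject", fallback=False):
        return []
    raw = cp.get(section, "pki_san_server_cert", fallback="")
    names = [n.strip().lower() for n in raw.split(",") if n.strip()]
    if not names:
        raise ValueError("pki_san_inject is set but pki_san_server_cert is empty")
    bad = [n for n in names if not HOSTNAME.match(n)]
    if bad:
        raise ValueError(f"not valid DNS names: {bad}")
    return names

def cert_dns_names(cert_text):
    """Collect DNSName values listed under the SAN extension (2.5.29.17)."""
    names, in_san = set(), False
    for line in cert_text.splitlines():
        s = line.strip()
        if s.startswith("Identifier:"):
            in_san = "2.5.29.17" in s  # entering or leaving the SAN extension
        elif in_san and s.startswith("DNSName:"):
            names.add(s.split(":", 1)[1].strip().lower())
    return names

def missing_sans(cfg_text, cert_text, section="CA"):
    """SANs requested in the config that the certificate does not carry."""
    present = cert_dns_names(cert_text)
    return [n for n in configured_sans(cfg_text, section) if n not in present]
```

DNS names are compared case-insensitively, so `host1.Example.com` in the config matches regardless of how the certificate viewer prints it.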

