[Pki-devel] [PATCH]pki-cfu-0047-Ticket-1316-Allow-adding-SAN-to-server-cert-during-t.patch
Christina Fu
cfu at redhat.com
Tue Apr 21 00:00:47 UTC 2015
Now with the attachment.
On 04/20/2015 02:24 PM, Christina Fu wrote:
> This patch allows SAN to be specified for the server cert during
> installation.
> It ports some of the code from the now obsolete 8.1 errata that dealt with
> IP port separation, and adds the needed pkispawn config parameters and
> an example enrollment profile with SAN patterns.
>
> Note: the installation part of the SAN injection code ported was
> originally authored by mharmsen, while the backend SAN input code
> (authored by myself) was already ported earlier for another purpose.
>
> Usage:
> * under /usr/share/pki/ca/conf, you will find a new file called
> serverCert.profile.exampleWithSANpattern
> * copy existing serverCert.profile away and replace with
> serverCert.profile.exampleWithSANpattern
> * edit serverCert.profile.exampleWithSANpattern
> - follow the instruction right above 8.default.
> - save and quit
> * cd /usr/share/pki/ca/profiles/ca , edit caInternalAuthServerCert.cfg
> - follow the instruction right above policyset.serverCertSet.9
> - save and quit
> * save away and edit the ca config file for pkispawn: (note: you can
> add multiple SANs delimited by ',' for pki_san_server_cert)
> - add the following lines, e.g.
> pki_san_inject=True
> pki_san_server_cert=host1.Example.com
> - do the same pkispawn cfg changes for kra or any other instances
> that you plan on creating
> * create your instance(s)
> * check the ssl server cert; it should contain something like the
> following:
>
> Identifier: Subject Alternative Name - 2.5.29.17
> Critical: no
> Value:
> DNSName: host1.Example.com
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-cfu-0047-Ticket-1316-Allow-adding-SAN-to-server-cert-during-t.patch
Type: text/x-patch
Size: 23693 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20150420/f1662447/attachment.bin>
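
A pre-install check for the two pkispawn parameters named in the usage steps above, added here as an illustration; it is not part of the post or of the attached patch. The section names, the tolerance for whitespace around commas, and the helper names are assumptions of this example.

```python
import configparser
import re

# One DNS label: 1-63 letters/digits/hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed sample input; the section layout is an assumption of this example.
SAMPLE_CFG = """
[CA]
pki_san_inject=True
pki_san_server_cert=host1.Example.com, host2.example.com

[KRA]
pki_san_inject=True
pki_san_server_cert=host1.Example.com,,bad_host.example.com
"""

def valid_dns_name(name):
    """Syntactic check of a host name as it would appear in a SAN DNSName."""
    return len(name) <= 253 and all(LABEL.fullmatch(l) for l in name.split("."))

def check_san_settings(cfg_text):
    """Return {section: [problems]} for each section that enables SAN injection."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    report = {}
    for section in cp.sections():
        if not cp.getboolean(section, "pki_san_inject", fallback=False):
            continue
        problems = []
        raw = cp.get(section, "pki_san_server_cert", fallback="")
        if not raw.strip():
            problems.append("pki_san_inject is set but pki_san_server_cert is empty")
        else:
            for name in (n.strip() for n in raw.split(",")):
                if not name:
                    problems.append("empty entry (stray comma)")
                elif not valid_dns_name(name):
                    problems.append(f"not a valid DNS name: {name}")
        report[section] = problems
    return report

if __name__ == "__main__":
    for section, problems in check_san_settings(SAMPLE_CFG).items():
        print(section, "OK" if not problems else problems)
```

An empty problem list for every instance section means each one that sets pki_san_inject also carries a well-formed SAN list before the instances are created.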