[Pki-users] setting DNSName in subjectAltName extension

Mike Helm helm at fionn.es.net
Tue Aug 14 22:26:45 UTC 2012


I need to set DNSName in server subjectAltName extensions, but 
am having difficulty getting the server's name into this field.

I've read this:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Certificate_System/8.0/html/Admin_Guide/Certificate_and_CRL_Extensions.html#Subject_Alternative_Name_Extension_Default

I can set the RFC822name value using this (see table B-15)
$request.requestor_email$
by making sure there's a requestor_email=something in the GET from the 
RA.  There really isn't anything that corresponds to what DNSName should
be but I expected $request.subject$ would do; I added subject=some.thing.dom,
but no, I get "$request.subject$" as a literal string.

I also tried the obviously wrong example in Example B.1 (before the table) - 
policyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.SAN1$
same thing, $request.SAN1$ literal.

I can set subjAltExtPattern_1 to my own literal string, but obviously that's
counterproductive.  I can set it to $request.requestor_email$ and get the email
address in DNSName - if I didn't have cases where BOTH subjectAltName fields
were needed I'd just re-purpose requestor_email.

So - what works and how?  I'm stumped.  Any ideas appreciated.  Thanks, ==mwh




