[Pki-users] setting DNSName in subjectAltName extension

Mike Helm helm at fionn.es.net
Wed Aug 15 15:16:07 UTC 2012


Marc Sauton writes:
> > I need to set DNSName in server subjectAltName extensions, but
> > having difficulty getting the server's name into this field.
 ...
> > I also tried the obviously wrong example in Example B.1 (before the table) -
> > policyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.SAN1$
> > same thing, $request.SAN1$ literal.

> something like this should work fine:
> 
> policyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl
> policyset.encryptionCertSet.8.constraint.name=No Constraint
> policyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
> policyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint
> policyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=true
> policyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=8
> #
> policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true
> policyset.encryptionCertSet.8.default.params.subjAltExtType_0=IPAddress
> policyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=10.1.2.3
> #
> policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_1=true
> policyset.encryptionCertSet.8.default.params.subjAltExtType_1=RFC822Name
> policyset.encryptionCertSet.8.default.params.subjAltExtPattern_1=$request.SAN1$

I tried exactly this (see above).  I think it is probably wrong, because they
probably meant something else other than SAN1, like subject, but neither
will work.  (Look at the table that follows in the doc, or look at the 8.1 doc
where I believe the example is corrected).

The only variable I've succeeded in getting values passed through is "requestor_email".

Why?  What am I missing?

These variables arrive through the GET list from the RA, btw.

> #
> policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_2=true
> policyset.encryptionCertSet.8.default.params.subjAltExtType_2=RFC822Name
> policyset.encryptionCertSet.8.default.params.subjAltExtPattern_2=$request.requestor_email$

Thanks, ==mwh
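
A check for the symptom described in this message, where a profile pattern such as `$request.SAN1$` ends up in the issued certificate as literal text and no DNSName entry is present. This is an added example, not part of the original thread or of the Dogtag project; the sample `openssl x509 -noout -text` output and all function names are constructed for illustration.

```python
import re

# Constructed sample: part of `openssl x509 -noout -text` output for a
# certificate whose SAN1 pattern was not substituted at issuance.
SAMPLE_CERT_TEXT = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Alternative Name: critical
                IP Address:10.1.2.3, email:$request.SAN1$, email:admin@example.com
"""

# A profile pattern variable that reached the certificate as literal text.
UNSUBSTITUTED = re.compile(r"\$request\.[A-Za-z0-9_]+\$")


def san_entries(cert_text):
    """Return [(kind, value), ...] from the SAN line of openssl text output."""
    lines = cert_text.splitlines()
    for i, line in enumerate(lines):
        if "X509v3 Subject Alternative Name" in line and i + 1 < len(lines):
            entries = []
            # openssl prints the general names on one line, separated by ", "
            for item in lines[i + 1].strip().split(", "):
                kind, _, value = item.partition(":")
                entries.append((kind.strip(), value.strip()))
            return entries
    return []


def check_san(cert_text, want_kind="DNS"):
    """Report literal pattern tokens and whether the wanted SAN kind is present."""
    entries = san_entries(cert_text)
    literal = [(k, v) for k, v in entries if UNSUBSTITUTED.search(v)]
    has_wanted = any(k == want_kind and not UNSUBSTITUTED.search(v)
                     for k, v in entries)
    return {"entries": entries, "unsubstituted": literal, "has_wanted": has_wanted}


if __name__ == "__main__":
    result = check_san(SAMPLE_CERT_TEXT)
    for kind, value in result["unsubstituted"]:
        print(f"unsubstituted pattern in SAN: {kind}:{value}")
    if not result["has_wanted"]:
        print("no DNS entry in subjectAltName")
```

Running this against test issuances before a profile goes into production catches certificates that would otherwise carry a placeholder string in a critical extension.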



