sending to alias also...
---------- Forwarded message ----------
From: Rafael Leiva-Ochoa <spawn(a)rloteck.net>
Date: Thu, Mar 29, 2018 at 3:35 PM
Subject: Re: [Pki-users] SAN for Launch page.
To: Marc Sauton <msauton(a)redhat.com>
It did not work. I am still getting SAN errors when using the Launch page.
I viewed the Cert that was issued to the launch page, and it is still
missing the SAN. Here is my ca.cfg:
[CA]
pki_admin_email=caadmin(a)test.com
pki_admin_name=caadmin
pki_admin_nickname=caadmin
pki_admin_password=xxxxxxxx
pki_admin_uid=caadmin
pki_san_inject=True
pki_san_for_server_cert=dogtag-ca-root.test.com
pki_client_database_password=xxxxxxxx
pki_client_database_purge=False
pki_client_pkcs12_password=xxxxxxxxxx
pki_ds_base_dn=dc=test,dc=com
pki_ds_database=pki-tomcat
pki_ds_password=xxxxxxx
pki_ca_signing_subject_dn=cn=TEST Root CA,ou=TEST Certification
Authority,c=US
Thanks,
Rafael
On Thu, Mar 29, 2018 at 2:50 PM, Rafael Leiva-Ochoa <spawn(a)rloteck.net>
wrote:
Thanks, I will give that a try.
On Thu, Mar 29, 2018 at 12:57 PM, Marc Sauton <msauton(a)redhat.com> wrote:
> Try to add to the pkispawn config file, for example:
> pki_san_inject=True
>
pki_san_for_server_cert=ca01.example.com,ca02.example.com,ca.example.com
>
> Note for the "non-internal" certificates, there is a way to modify
> enrollment profiles to add a SAN, but a recent updated feature is described
> in the page at
>
http://www.dogtagpki.org/wiki/PKI_10.4_Copy_CN_To_SAN
>
> Thanks,
> M.
>
> On Thu, Mar 29, 2018 at 11:42 AM, Rafael Leiva-Ochoa <spawn(a)rloteck.net>
> wrote:
>
>> Hi Everyone,
>>
>> I am trying to build a new CA, and I am using the ca.cfg file to
>> create the CA, but when I create the CA, the SAN is missing from the
>> website cert (:8443). I am trying to look for the right value to put on the
>> ca.cfg file for the SAN, so the the launch page does not give me SAN
>> errors. Here is what I found, but nothing relating to the SAN:
>>
>> [CA]
>> pki_admin_email=caadmin(a)example.com
>> pki_admin_name=caadmin
>> pki_admin_nickname=caadmin
>> pki_admin_password=Secret.123
>> pki_admin_uid=caadmin
>>
>> pki_client_database_password=Secret.123
>> pki_client_database_purge=False
>> pki_client_pkcs12_password=Secret.123
>>
>> pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
>> pki_ds_database=ca
>> pki_ds_password=Secret.123
>>
>> pki_security_domain_name=EXAMPLE
>>
>> Any ideas?
>>
>> Rafael
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users(a)redhat.com
>>
https://www.redhat.com/mailman/listinfo/pki-users
>>
>
>