Discussion:
[fedora-arm] Fwd: [Pki-users] SAN for Launch page.
Rafael Leiva-Ochoa
2018-03-30 03:06:19 UTC
sending to alias also...

---------- Forwarded message ----------
From: Rafael Leiva-Ochoa <***@rloteck.net>
Date: Thu, Mar 29, 2018 at 3:35 PM
Subject: Re: [Pki-users] SAN for Launch page.
To: Marc Sauton <***@redhat.com>


It did not work. I am still getting SAN errors when using the Launch page.
I viewed the Cert that was issued to the launch page, and it is still
missing the SAN. Here is my ca.cfg:

[CA]
pki_admin_email=***@test.com
pki_admin_name=caadmin
pki_admin_nickname=caadmin
pki_admin_password=xxxxxxxx
pki_admin_uid=caadmin

pki_san_inject=True
pki_san_for_server_cert=dogtag-ca-root.test.com

pki_client_database_password=xxxxxxxx
pki_client_database_purge=False
pki_client_pkcs12_password=xxxxxxxxxx

pki_ds_base_dn=dc=test,dc=com
pki_ds_database=pki-tomcat
pki_ds_password=xxxxxxx

pki_ca_signing_subject_dn=cn=TEST Root CA,ou=TEST Certification Authority,c=US


Thanks,

Rafael
Thanks, I will give that a try.
pki_san_inject=True
pki_san_for_server_cert=ca01.example.com,ca02.example.com,ca.example.com
Note for the "non-internal" certificates, there is a way to modify
enrollment profiles to add a SAN, but a recent updated feature is described
in the page at
http://www.dogtagpki.org/wiki/PKI_10.4_Copy_CN_To_SAN
Thanks,
M.
Hi Everyone,
I am trying to build a new CA, and I am using the ca.cfg file to
create the CA, but when I create the CA, the SAN is missing from the
website cert (:8443). I am trying to look for the right value to put on the
ca.cfg file for the SAN, so the launch page does not give me SAN
[CA]
pki_admin_name=caadmin
pki_admin_nickname=caadmin
pki_admin_password=Secret.123
pki_admin_uid=caadmin
pki_client_database_password=Secret.123
pki_client_database_purge=False
pki_client_pkcs12_password=Secret.123
pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
pki_ds_database=ca
pki_ds_password=Secret.123
pki_security_domain_name=EXAMPLE
Any ideas?
Rafael
_______________________________________________
Pki-users mailing list
https://www.redhat.com/mailman/listinfo/pki-users
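
The check described in the message above (ca.cfg asks for a SAN, the certificate issued for :8443 still lacks it), as an added example that is not part of the original thread: it compares the pki_san_for_server_cert names with the DNS entries in an `openssl x509 -noout -text` dump of the issued certificate. The sample certificate text and the function names are constructed for illustration.

```python
import configparser
import re

# Constructed sample: the SAN settings from the ca.cfg posted in the thread.
CA_CFG = """[CA]
pki_san_inject=True
pki_san_for_server_cert=dogtag-ca-root.test.com
"""

# Constructed samples: extension part of `openssl x509 -noout -text` output
# for a server certificate issued without a SAN and one issued with it.
CERT_NO_SAN = """        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
"""
CERT_WITH_SAN = """        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:dogtag-ca-root.test.com
"""


def requested_sans(cfg_text, section="CA"):
    """DNS names ca.cfg asks for; empty if pki_san_inject is not true."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    if not cp.getboolean(section, "pki_san_inject", fallback=False):
        return []
    raw = cp.get(section, "pki_san_for_server_cert", fallback="")
    return [n.strip().lower() for n in raw.split(",") if n.strip()]


def issued_sans(openssl_text):
    """DNS entries listed under Subject Alternative Name in the text dump."""
    m = re.search(r"Subject Alternative Name:[^\n]*\n([^\n]*)", openssl_text)
    if not m:
        return []
    entries = [e.strip() for e in m.group(1).split(",")]
    return [e[4:].lower() for e in entries if e.startswith("DNS:")]


def missing_sans(cfg_text, openssl_text):
    """Names requested in ca.cfg that the issued certificate does not carry."""
    have = set(issued_sans(openssl_text))
    return [n for n in requested_sans(cfg_text) if n not in have]


if __name__ == "__main__":
    print("no SAN cert  :", missing_sans(CA_CFG, CERT_NO_SAN))
    print("with SAN cert:", missing_sans(CA_CFG, CERT_WITH_SAN))
```

A non-empty result means the settings were read but the issuing profile did not put the names into the certificate, which is the situation reported in this thread.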
Rafael Leiva-Ochoa
2018-03-30 05:05:27 UTC
Found the solution here... Thanks again!

https://www.redhat.com/archives/pki-devel/2015-April/msg00077.html
Rafael Leiva-Ochoa
2018-03-30 15:24:31 UTC
Yes, making this a default will make it much easier.
Yes, sorry, I forgot to mention the profile used for the internal SSL
server certificate at configuration needed to be copied
from /usr/share/pki/ca/conf/serverCert.profile.exampleWithSAN
Should we make this a default setting?
Thanks,
M.
Peter Robinson
2018-03-30 17:26:19 UTC
_______________________________________________
arm mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to arm-***@lists.fedorapr
