Yes, making this a default will make it much easier.
On Fri, Mar 30, 2018 at 8:14 AM Marc Sauton <msauton(a)redhat.com> wrote:
Yes, sorry, I forgot to mention the profile used for the internal SSL
server certificate at configuration needed to be copied
from /usr/share/pki/ca/conf/serverCert.profile.exampleWithSAN
Should we make this a default setting?
Thanks,
M.
On Thu, Mar 29, 2018 at 10:05 PM, Rafael Leiva-Ochoa <spawn(a)rloteck.net>
wrote:
> Found the solution here...Thanks again!
>
> https://www.redhat.com/archives/pki-devel/2015-April/msg00077.html
>
> On Thu, Mar 29, 2018 at 8:06 PM, Rafael Leiva-Ochoa <spawn(a)rloteck.net>
> wrote:
>
>> sending to alias also...
>>
>> ---------- Forwarded message ----------
>> From: Rafael Leiva-Ochoa <spawn(a)rloteck.net>
>> Date: Thu, Mar 29, 2018 at 3:35 PM
>> Subject: Re: [Pki-users] SAN for Launch page.
>> To: Marc Sauton <msauton(a)redhat.com>
>>
>>
>> It did not work. I am still getting SAN errors when using the Launch
>> page. I viewed the Cert that was issued to the launch page, and it is still
>> missing the SAN. Here is my ca.cfg:
>>
>> [CA]
>> pki_admin_email=caadmin(a)test.com
>> pki_admin_name=caadmin
>> pki_admin_nickname=caadmin
>> pki_admin_password=xxxxxxxx
>> pki_admin_uid=caadmin
>>
>> pki_san_inject=True
>> pki_san_for_server_cert=dogtag-ca-root.test.com
>>
>> pki_client_database_password=xxxxxxxx
>> pki_client_database_purge=False
>> pki_client_pkcs12_password=xxxxxxxxxx
>>
>> pki_ds_base_dn=dc=test,dc=com
>> pki_ds_database=pki-tomcat
>> pki_ds_password=xxxxxxx
>>
>> pki_ca_signing_subject_dn=cn=TEST Root CA,ou=TEST Certification Authority,c=US
>>
>>
>> Thanks,
>>
>> Rafael
>>
>> On Thu, Mar 29, 2018 at 2:50 PM, Rafael Leiva-Ochoa <spawn(a)rloteck.net>
>> wrote:
>>
>>> Thanks, I will give that a try.
>>>
>>> On Thu, Mar 29, 2018 at 12:57 PM, Marc Sauton <msauton(a)redhat.com>
>>> wrote:
>>>
>>>> Try to add to the pkispawn config file, for example:
>>>> pki_san_inject=True
>>>> pki_san_for_server_cert=ca01.example.com,ca02.example.com,ca.example.com
>>>>
>>>> Note for the "non-internal" certificates, there is a way to modify
>>>> enrollment profiles to add a SAN, but a recent updated feature is described
>>>> in the page at
>>>> http://www.dogtagpki.org/wiki/PKI_10.4_Copy_CN_To_SAN
>>>>
>>>> Thanks,
>>>> M.
>>>>
>>>> On Thu, Mar 29, 2018 at 11:42 AM, Rafael Leiva-Ochoa <
>>>> spawn(a)rloteck.net> wrote:
>>>>
>>>>> Hi Everyone,
>>>>>
>>>>> I am trying to build a new CA, and I am using the ca.cfg file to
>>>>> create the CA, but when I create the CA, the SAN is missing from the
>>>>> website cert (:8443). I am trying to look for the right value to put on the
>>>>> ca.cfg file for the SAN, so the launch page does not give me SAN
>>>>> errors. Here is what I found, but nothing relating to the SAN:
>>>>>
>>>>> [CA]
>>>>> pki_admin_email=caadmin(a)example.com
>>>>> pki_admin_name=caadmin
>>>>> pki_admin_nickname=caadmin
>>>>> pki_admin_password=Secret.123
>>>>> pki_admin_uid=caadmin
>>>>>
>>>>> pki_client_database_password=Secret.123
>>>>> pki_client_database_purge=False
>>>>> pki_client_pkcs12_password=Secret.123
>>>>>
>>>>> pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
>>>>> pki_ds_database=ca
>>>>> pki_ds_password=Secret.123
>>>>>
>>>>> pki_security_domain_name=EXAMPLE
>>>>>
>>>>> Any ideas?
>>>>>
>>>>> Rafael
>>>>>
>>>>> _______________________________________________
>>>>> Pki-users mailing list
>>>>> Pki-users(a)redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/pki-users
>>>>>
>>>>
>>>>
>>>
>>
>>
>
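
A check for the symptom discussed in this thread, added here as an example and not code from any of the posters or from the Dogtag project: it lists the expected DNS names that are absent from a certificate's subjectAltName. The function names and the sample certificate text are constructed for illustration; `fetch_cert_text` assumes the `openssl` CLI and network access to the instance on port 8443.

```shell
#!/bin/sh
# Added example (not from the thread): report which expected DNS names are
# missing from a certificate's subjectAltName extension.

# san_names: read `openssl x509 -noout -text` output on stdin and print one
# DNS SAN per line; prints nothing when the extension is absent.
san_names() {
    awk '/X509v3 Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\(.*\)$/\1/p'
}

# missing_sans TEXT NAME...: print every expected NAME that is not a DNS SAN
# in TEXT (compared case-insensitively); returns 0 only when none is missing.
missing_sans() {
    text=$1; shift
    have=$(printf '%s\n' "$text" | san_names)
    rc=0
    for want in "$@"; do
        printf '%s\n' "$have" | grep -qixF -- "$want" || { echo "$want"; rc=1; }
    done
    return $rc
}

# fetch_cert_text HOST [PORT]: dump the certificate the instance serves.
# Needs network access; PORT defaults to the 8443 mentioned in the thread.
fetch_cert_text() {
    openssl s_client -connect "$1:${2:-8443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -text
}

# Constructed samples of the relevant part of an `openssl x509 -text` dump.
CERT_NO_SAN='        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment'
CERT_WITH_SAN='        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:dogtag-ca-root.test.com, DNS:ca.example.com'

# Demo on the constructed samples. Against a live instance:
#   missing_sans "$(fetch_cert_text dogtag-ca-root.test.com)" dogtag-ca-root.test.com
missing_sans "$CERT_WITH_SAN" dogtag-ca-root.test.com && echo "SAN present"
missing_sans "$CERT_NO_SAN" dogtag-ca-root.test.com >/dev/null || echo "SAN missing"
```

As the thread shows, setting `pki_san_inject` and `pki_san_for_server_cert` did not by itself put the SAN in the certificate, so the check belongs on the issued certificate, not on the config file.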