Re: [Pki-users] SAN for Launch page.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

 Yes, Making this a default will make it much easier.

On Fri, Mar 30, 2018 at 8:14 AM Marc Sauton <msauton@xxxxxxxxxx> wrote:
Yes,sorry, I forgot to mention the profile used for the internal SSL server certificate at configuration needed to be copied from /usr/share/pki/ca/conf/serverCert.profile.exampleWithSAN
Should we make this a default setting?
Thanks,
M.

On Thu, Mar 29, 2018 at 10:05 PM, Rafael Leiva-Ochoa <spawn@xxxxxxxxxxx> wrote:

On Thu, Mar 29, 2018 at 8:06 PM, Rafael Leiva-Ochoa <spawn@xxxxxxxxxxx> wrote:
sending to alias also...

---------- Forwarded message ----------
From: Rafael Leiva-Ochoa <spawn@xxxxxxxxxxx>
Date: Thu, Mar 29, 2018 at 3:35 PM
Subject: Re: [Pki-users] SAN for Launch page.
To: Marc Sauton <msauton@xxxxxxxxxx>


It did not work. I am still getting SAN errors when using the Launch page. I viewed the Cert that was issued to the launch page, and it is still missing the SAN. Here is my ca.cfg:

[CA]

pki_admin_email=caadmin@xxxxxxxx

pki_admin_name=caadmin

pki_admin_nickname=caadmin

pki_admin_password=xxxxxxxx

pki_admin_uid=caadmin


pki_san_inject=True

pki_san_for_server_cert=dogtag-ca-root.test.com


pki_client_database_password=xxxxxxxx

pki_client_database_purge=False

pki_client_pkcs12_password=xxxxxxxxxx


pki_ds_base_dn=dc=test,dc=com

pki_ds_database=pki-tomcat

pki_ds_password=xxxxxxx


pki_ca_signing_subject_dn=cn=TEST Root CA,ou=TEST Certification Authority,c=US



Thanks,

Rafael

On Thu, Mar 29, 2018 at 2:50 PM, Rafael Leiva-Ochoa <spawn@xxxxxxxxxxx> wrote:
Thanks, I will give that a try.

On Thu, Mar 29, 2018 at 12:57 PM, Marc Sauton <msauton@xxxxxxxxxx> wrote:
Try to add to the pkispawn config file, for example:
pki_san_inject=True

Note for the "non-internal" certificates, there is a way to modify enrollment profiles to add a SAN, but a recent updated feature is described in the page at

Thanks,
M.

On Thu, Mar 29, 2018 at 11:42 AM, Rafael Leiva-Ochoa <spawn@xxxxxxxxxxx> wrote:
Hi Everyone,

    I am trying to build a new CA, and I am using the ca.cfg file to create the CA, but when I create the CA, the SAN is missing from the website cert (:8443). I am trying to look for the right value to put on the ca.cfg file for the SAN, so the the launch page does not give me SAN errors. Here is what I found, but nothing relating to the SAN:

[CA]
pki_admin_email=caadmin@xxxxxxxxxxx
pki_admin_name=caadmin
pki_admin_nickname=caadmin
pki_admin_password=Secret.123
pki_admin_uid=caadmin

pki_client_database_password=Secret.123
pki_client_database_purge=False
pki_client_pkcs12_password=Secret.123

pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
pki_ds_database=ca
pki_ds_password=Secret.123

pki_security_domain_name=EXAMPLE
Any ideas?

Rafael

_______________________________________________
Pki-users mailing list
Pki-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pki-users






_______________________________________________
arm mailing list -- arm@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to arm-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux ARM (Vger)]     [Linux ARM]     [ARM Kernel]     [Fedora User Discussion]     [Older Fedora Users Discussion]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Maintainers]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Tux]     [Yosemite News]     [Linux Apps]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]

Powered by Linux