On Fri, Mar 30, 2018 at 4:06 AM, Rafael Leiva-Ochoa <spawn@xxxxxxxxxxx> wrote: > sending to alias also... is arm@fedoraproject,org the wrong list? > ---------- Forwarded message ---------- > From: Rafael Leiva-Ochoa <spawn@xxxxxxxxxxx> > Date: Thu, Mar 29, 2018 at 3:35 PM > Subject: Re: [Pki-users] SAN for Launch page. > To: Marc Sauton <msauton@xxxxxxxxxx> > > > It did not work. I am still getting SAN errors when using the Launch page. I > viewed the Cert that was issued to the launch page, and it is still missing > the SAN. Here is my ca.cfg: > > [CA] > > pki_admin_email=caadmin@xxxxxxxx > > pki_admin_name=caadmin > > pki_admin_nickname=caadmin > > pki_admin_password=xxxxxxxx > > pki_admin_uid=caadmin > > > pki_san_inject=True > > pki_san_for_server_cert=dogtag-ca-root.test.com > > > pki_client_database_password=xxxxxxxx > > pki_client_database_purge=False > > pki_client_pkcs12_password=xxxxxxxxxx > > > pki_ds_base_dn=dc=test,dc=com > > pki_ds_database=pki-tomcat > > pki_ds_password=xxxxxxx > > > pki_ca_signing_subject_dn=cn=TEST Root CA,ou=TEST Certification > Authority,c=US > > > > Thanks, > > Rafael > > On Thu, Mar 29, 2018 at 2:50 PM, Rafael Leiva-Ochoa <spawn@xxxxxxxxxxx> > wrote: >> >> Thanks, I will give that a try. >> >> On Thu, Mar 29, 2018 at 12:57 PM, Marc Sauton <msauton@xxxxxxxxxx> wrote: >>> >>> Try to add to the pkispawn config file, for example: >>> pki_san_inject=True >>> pki_san_for_server_cert=ca01.example.com,ca02.example.com,ca.example.com >>> >>> Note for the "non-internal" certificates, there is a way to modify >>> enrollment profiles to add a SAN, but a recent updated feature is described >>> in the page at >>> http://www.dogtagpki.org/wiki/PKI_10.4_Copy_CN_To_SAN >>> >>> Thanks, >>> M. >>> >>> On Thu, Mar 29, 2018 at 11:42 AM, Rafael Leiva-Ochoa <spawn@xxxxxxxxxxx> >>> wrote: >>>> >>>> Hi Everyone, >>>> >>>> I am trying to build a new CA, and I am using the ca.cfg file to >>>> create the CA, but when I create the CA, the SAN is missing from the website >>>> cert (:8443). I am trying to look for the right value to put on the ca.cfg >>>> file for the SAN, so the the launch page does not give me SAN errors. Here >>>> is what I found, but nothing relating to the SAN: >>>> >>>> [CA] >>>> pki_admin_email=caadmin@xxxxxxxxxxx >>>> pki_admin_name=caadmin >>>> pki_admin_nickname=caadmin >>>> pki_admin_password=Secret.123 >>>> pki_admin_uid=caadmin >>>> >>>> pki_client_database_password=Secret.123 >>>> pki_client_database_purge=False >>>> pki_client_pkcs12_password=Secret.123 >>>> >>>> pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com >>>> pki_ds_database=ca >>>> pki_ds_password=Secret.123 >>>> >>>> pki_security_domain_name=EXAMPLE >>>> >>>> Any ideas? >>>> >>>> Rafael >>>> >>>> _______________________________________________ >>>> Pki-users mailing list >>>> Pki-users@xxxxxxxxxx >>>> https://www.redhat.com/mailman/listinfo/pki-users >>> >>> >> > > > > _______________________________________________ > arm mailing list -- arm@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to arm-leave@xxxxxxxxxxxxxxxxxxxxxxx > _______________________________________________ arm mailing list -- arm@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to arm-leave@xxxxxxxxxxxxxxxxxxxxxxx
