On Fri, Mar 30, 2018 at 4:06 AM, Rafael Leiva-Ochoa <spawn@rloteck.net> wrote:
> sending to alias also...
is arm@fedoraproject,org the wrong list?
> ---------- Forwarded message ----------
> From: Rafael Leiva-Ochoa <spawn@rloteck.net>
> Date: Thu, Mar 29, 2018 at 3:35 PM
> Subject: Re: [Pki-users] SAN for Launch page.
> To: Marc Sauton <msauton@redhat.com>
>
>
> It did not work. I am still getting SAN errors when using the Launch page. I
> viewed the Cert that was issued to the launch page, and it is still missing
> the SAN. Here is my ca.cfg:
>
> [CA]
>
> pki_admin_email=caadmin@test.com
>
> pki_admin_name=caadmin
>
> pki_admin_nickname=caadmin
>
> pki_admin_password=xxxxxxxx
>
> pki_admin_uid=caadmin
>
>
> pki_san_inject=True
>
> pki_san_for_server_cert=dogtag-ca-root.test.com
>
>
> pki_client_database_password=xxxxxxxx
>
> pki_client_database_purge=False
>
> pki_client_pkcs12_password=xxxxxxxxxx
>
>
> pki_ds_base_dn=dc=test,dc=com
>
> pki_ds_database=pki-tomcat
>
> pki_ds_password=xxxxxxx
>
>
> pki_ca_signing_subject_dn=cn=TEST Root CA,ou=TEST Certification
> Authority,c=US
>
>
>
> Thanks,
>
> Rafael
>
> On Thu, Mar 29, 2018 at 2:50 PM, Rafael Leiva-Ochoa <spawn@rloteck.net>
> wrote:
>>
>> Thanks, I will give that a try.
>>
>> On Thu, Mar 29, 2018 at 12:57 PM, Marc Sauton <msauton@redhat.com> wrote:
>>>
>>> Try to add to the pkispawn config file, for example:
>>> pki_san_inject=True
>>> pki_san_for_server_cert=ca01.example.com,ca02.example.com,ca.example.com
>>>
>>> Note for the "non-internal" certificates, there is a way to modify
>>> enrollment profiles to add a SAN, but a recent updated feature is described
>>> in the page at
>>> http://www.dogtagpki.org/wiki/PKI_10.4_Copy_CN_To_SAN
>>>
>>> Thanks,
>>> M.
>>>
>>> On Thu, Mar 29, 2018 at 11:42 AM, Rafael Leiva-Ochoa <spawn@rloteck.net>
>>> wrote:
>>>>
>>>> Hi Everyone,
>>>>
>>>> I am trying to build a new CA, and I am using the ca.cfg file to
>>>> create the CA, but when I create the CA, the SAN is missing from the website
>>>> cert (:8443). I am trying to look for the right value to put on the ca.cfg
>>>> file for the SAN, so the the launch page does not give me SAN errors. Here
>>>> is what I found, but nothing relating to the SAN:
>>>>
>>>> [CA]
>>>> pki_admin_email=caadmin@example.com
>>>> pki_admin_name=caadmin
>>>> pki_admin_nickname=caadmin
>>>> pki_admin_password=Secret.123
>>>> pki_admin_uid=caadmin
>>>>
>>>> pki_client_database_password=Secret.123
>>>> pki_client_database_purge=False
>>>> pki_client_pkcs12_password=Secret.123
>>>>
>>>> pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
>>>> pki_ds_database=ca
>>>> pki_ds_password=Secret.123
>>>>
>>>> pki_security_domain_name=EXAMPLE
>>>>
>>>> Any ideas?
>>>>
>>>> Rafael
>>>>
>>>> _______________________________________________
>>>> Pki-users mailing list
>>>> Pki-users@redhat.com
>>>> https://www.redhat.com/mailman/listinfo/pki-users
>>>
>>>
>>
>
>
>
> _______________________________________________
> arm mailing list -- arm@lists.fedoraproject.org
> To unsubscribe send an email to arm-leave@lists.fedoraproject.org
>
_______________________________________________
arm mailing list -- arm@lists.fedoraproject.org
To unsubscribe send an email to arm-leave@lists.fedoraproject.org
No comments:
Post a Comment