diff options
author | Christina Fu <cfu@redhat.com> | 2015-04-15 10:58:08 -0700 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2015-04-21 18:24:32 -0700 |
commit | e2683d6a8f6211ac58a5674aaa626814f26ebbf2 (patch) | |
tree | cb6e9fae0990b334ee1acd6333f8ef46594994e8 /base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java | |
parent | 79c5627ae28840756d99928fd33701552cc93322 (diff) | |
download | pki-e2683d6a8f6211ac58a5674aaa626814f26ebbf2.tar.gz pki-e2683d6a8f6211ac58a5674aaa626814f26ebbf2.tar.xz pki-e2683d6a8f6211ac58a5674aaa626814f26ebbf2.zip |
Ticket 1316 Allow adding SAN to server cert during the install process
Usage:
* under /usr/share/pki/ca/conf, you will find a new file called
serverCert.profile.exampleWithSANpattern
* copy existing serverCert.profile away and replace with
serverCert.profile.exampleWithSANpattern
* edit serverCert.profile.exampleWithSANpattern
- follow the instruction right above 8.default.
- save and quit
* cd /usr/share/pki/ca/profiles/ca , edit caInternalAuthServerCert.cfg
- follow the instruction right above policyset.serverCertSet.9
- save and quit
* save away and edit the ca config file for pkispawn: (note: you can
add multiple SAN's delimited by ',' for pki_san_server_cert
- add the following lines, e.g.
pki_san_inject=True
pki_san_server_cert=host1.Example.com
- do the same pkispawn cfg changes for kra or any other instances
that you plan on creating
* create your instance(s)
check the sl sever cert, it should contain something like the
following:
Identifier: Subject Alternative Name - 2.5.29.17
Critical: no
Value:
DNSName: host1.Example.com
Diffstat (limited to 'base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index 21aaf203b..1765ba7a6 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -2492,11 +2492,22 @@ public class ConfigurationUtils { } catch (Exception ee) { } + String sslserver_extension = ""; + Boolean injectSAN = config.getBoolean( + "service.injectSAN", false); + CMS.debug("ConfigurationUtils: injectSAN="+injectSAN); + if (certTag.equals("sslserver") && + injectSAN == true) { + sslserver_extension = + CertUtil.buildSANSSLserverURLExtension(config); + } + String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") - + "&xmlOutput=true&sessionID=" + session_id; + + "&xmlOutput=true&sessionID=" + session_id + + sslserver_extension; cert = CertUtil.createRemoteCert(ca_hostname, ca_port, content, response, panel); if (cert == null) { |