diff options
author | Christina Fu <cfu@redhat.com> | 2015-04-15 10:58:08 -0700 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2015-04-21 18:24:32 -0700 |
commit | e2683d6a8f6211ac58a5674aaa626814f26ebbf2 (patch) | |
tree | cb6e9fae0990b334ee1acd6333f8ef46594994e8 /base/server/etc/default.cfg | |
parent | 79c5627ae28840756d99928fd33701552cc93322 (diff) | |
download | pki-e2683d6a8f6211ac58a5674aaa626814f26ebbf2.tar.gz pki-e2683d6a8f6211ac58a5674aaa626814f26ebbf2.tar.xz pki-e2683d6a8f6211ac58a5674aaa626814f26ebbf2.zip |
Ticket 1316 Allow adding SAN to server cert during the install process
Usage:
* under /usr/share/pki/ca/conf, you will find a new file called
serverCert.profile.exampleWithSANpattern
* copy existing serverCert.profile away and replace with
serverCert.profile.exampleWithSANpattern
* edit serverCert.profile.exampleWithSANpattern
- follow the instruction right above 8.default.
- save and quit
* cd /usr/share/pki/ca/profiles/ca , edit caInternalAuthServerCert.cfg
- follow the instruction right above policyset.serverCertSet.9
- save and quit
* save away and edit the ca config file for pkispawn: (note: you can
add multiple SAN's delimited by ',' for pki_san_server_cert
- add the following lines, e.g.
pki_san_inject=True
pki_san_server_cert=host1.Example.com
- do the same pkispawn cfg changes for kra or any other instances
that you plan on creating
* create your instance(s)
check the sl sever cert, it should contain something like the
following:
Identifier: Subject Alternative Name - 2.5.29.17
Critical: no
Value:
DNSName: host1.Example.com
Diffstat (limited to 'base/server/etc/default.cfg')
-rw-r--r-- | base/server/etc/default.cfg | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index 50117a20e..3f7af5ebd 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -104,6 +104,9 @@ pki_security_domain_https_port=8443 pki_security_domain_name=%(pki_dns_domainname)s Security Domain pki_security_domain_password= pki_security_domain_user=caadmin +#for supporting server cert SAN injection +pki_san_inject=False +pki_san_for_server_cert= pki_skip_configuration=False pki_skip_installation=False pki_ssl_server_key_algorithm=SHA256withRSA |