diff options
Diffstat (limited to 'base/ca/shared/profiles')
-rw-r--r-- | base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg index 719351080..f145325f0 100644 --- a/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg +++ b/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg @@ -8,6 +8,7 @@ name=Security Domain Server Certificate Enrollment input.list=i1,i2 input.i1.class_id=certReqInputImpl input.i2.class_id=submitterInfoInputImpl +input.i3.class_id=subjectAltNameExtInputImpl output.list=o1 output.o1.class_id=certOutputImpl policyset.list=serverCertSet @@ -84,3 +85,25 @@ policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA25 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl policyset.serverCertSet.8.default.name=Signing Alg policyset.serverCertSet.8.default.params.signingAlg=- +# allows SAN to be specified from client side +# need to: +# 1. add i3 to input.list above +# 2. add 9 to policyset.serverCertSet.list above +# 3. change below to reflect the number of general names, and +# turn each corresponding subjAltExtPattern_<num> to true +# policyset.serverCertSet.9.default.params.subjAltNameNumGNs +policyset.serverCertSet.9.constraint.class_id=noConstraintImpl +policyset.serverCertSet.9.constraint.name=No Constraint +policyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl +policyset.serverCertSet.9.default.name=Subject Alternative Name Extension Default +policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true +policyset.serverCertSet.9.default.params.subjAltExtPattern_0=$request.req_san_pattern_0$ +policyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName +policyset.serverCertSet.9.default.params.subjAltExtGNEnable_1=false +policyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.req_san_pattern_1$ +policyset.serverCertSet.9.default.params.subjAltExtType_1=DNSName +policyset.serverCertSet.9.default.params.subjAltExtGNEnable_2=false +policyset.serverCertSet.9.default.params.subjAltExtPattern_2=$request.req_san_pattern_2$ +policyset.serverCertSet.9.default.params.subjAltExtType_2=DNSName +policyset.serverCertSet.9.default.params.subjAltNameExtCritical=false +policyset.serverCertSet.9.default.params.subjAltNameNumGNs=1 |