The following constraints can be defined with this default:
• Signing Algorithm Constraint; see Section 13.8.8, "Signing Algorithm Constraint".
• No Constraints; see Section 13.8.6, "No Constraint".
Parameter
signingAlgsAllowed
signingAlg
Table 13.16. Signing Algorithm Default Configuration Parameters
13.7.17. Subject Alternative Name Extension Default
This default attaches a Subject Alternative Name extension to the certificate. The extension binds
additional identities, such as an email address, a DNS name, an IP address, or a URI, to the subject
of the certificate. The standard requires that if the certificate subject field contains an empty sequence,
then the Subject Alternative Name extension must contain the subject's alternative name and the
extension must be marked critical.
For any of the directory-based authentication methods, the Certificate System can retrieve values
for any string and byte attributes and set them in the certificate request. These attributes are set by
entering them in the ldapStringAttributes and ldapByteAttributes fields defined in the
automated enrollment modules.
If authenticated attributes need to be part of this extension, use values from the $request token.
For example, to enable the Subject Alternative Name extension in the caDirUserCert profile using the
mail LDAP attribute of the user who authenticates to obtain a certificate, use the following
configuration:
policyset.serverCertSet.9.constraint.name=No Constraint
policyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl
policyset.serverCertSet.9.default.name=Subject Alternative Name Extension Default
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_1=true
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_2=true
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_3=false
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_4=false
policyset.serverCertSet.9.default.params.subjAltExtPattern_0=$request.requester_email$
policyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.SAN1$
policyset.serverCertSet.9.default.params.subjAltExtPattern_2=http://www.server.example.com
policyset.serverCertSet.9.default.params.subjAltExtPattern_3=
policyset.serverCertSet.9.default.params.subjAltExtPattern_4=
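The following script is an added example, not part of the original guide or of Certificate System itself. It is a simplified model of the pattern substitution that lists which $request attributes end up as identities in the extension and checks the enabled slots against one request. The function names and the messages it reports are assumptions; how the product itself treats a missing attribute is not stated in this section, so the script only reports it.

```python
import re

# Profile parameters copied from the configuration above (slots 0-2 enabled).
PROFILE = """\
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_1=true
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_2=true
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_3=false
policyset.serverCertSet.9.default.params.subjAltExtGNEnable_4=false
policyset.serverCertSet.9.default.params.subjAltExtPattern_0=$request.requester_email$
policyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.SAN1$
policyset.serverCertSet.9.default.params.subjAltExtPattern_2=http://www.server.example.com
policyset.serverCertSet.9.default.params.subjAltExtPattern_3=
policyset.serverCertSet.9.default.params.subjAltExtPattern_4=
"""
TOKEN = re.compile(r"\$request\.(\w+)\$")
PARAM = re.compile(r"^\S*\.params\.subjAltExt(GNEnable|Pattern)_(\d+)=(.*)$", re.M)

def parse_slots(text):
    """Return {index: {"enabled": bool, "pattern": str}} for each SAN slot."""
    slots = {}
    for kind, idx, value in PARAM.findall(text):
        slot = slots.setdefault(int(idx), {"enabled": False, "pattern": ""})
        if kind == "GNEnable":
            slot["enabled"] = value.strip().lower() == "true"
        else:
            slot["pattern"] = value.strip()
    return slots

def request_inputs(slots):
    """Request attributes that become certificate identities (review these)."""
    return sorted({t for s in slots.values() if s["enabled"]
                   for t in TOKEN.findall(s["pattern"])})

def resolve(slots, request):
    """Model the substitution: return (SAN values, findings) for one request."""
    values, findings = [], []
    for idx in sorted(slots):
        slot = slots[idx]
        if not slot["enabled"]:
            continue
        missing = [t for t in TOKEN.findall(slot["pattern"]) if t not in request]
        if not slot["pattern"]:
            findings.append(f"slot {idx}: enabled but pattern is empty")
        elif missing:
            findings.append(f"slot {idx}: request lacks {', '.join(missing)}")
        else:
            values.append(TOKEN.sub(lambda m: request[m.group(1)], slot["pattern"]))
    return values, findings
```

Call resolve(parse_slots(PROFILE), request) with a dictionary of request attributes; the attributes returned by request_inputs are the ones that must come from an authenticated source, because their values are bound to the certificate as identities.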