Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual page 332

Chapter 13. Certificate Profiles
policyset.serverCertSet.9.default.params.subjAltExtType_0=RFC822Name
policyset.serverCertSet.9.default.params.subjAltExtType_1=DNSName
policyset.serverCertSet.9.default.params.subjAltExtType_2=URIName
policyset.serverCertSet.9.default.params.subjAltExtType_3=RFC822Name
policyset.serverCertSet.9.default.params.subjAltExtType_4=RFC822Name
policyset.serverCertSet.9.default.params.subjAltNameExtCritical=false
policyset.serverCertSet.9.default.params.subjAltNameNumGNs=3
Example 13.1. Default Subject Alternative Name Extension Configuration
The Subject Alternative Name extension profile checks the certificate request for the policy attributes.
If the request contains an attribute, the profile reads its value and sets it in the extension. The
extension added to the certificates contain all the configured attributes.
Multiple attributes can be set for a single extension. Up to five subject alternative names can be set;
the subjAltNameNumGNs parameter controls how many of the listed attributes are required to be
added to the certificate. This parameter must be added to custom profiles and may need modified in
default profiles to include as many attributes as required. In
Name Extension Configuration", the subjAltNameNumGNs is set to 3 to insert the RFC822Name,
DNSName, and URIName names (generic names _0, _1, and _2).
The following constraints can be defined with this default:
• Extension Constraint; see
Section 13.8.6, "No
• No Constraints; see
Parameter
Critical
Pattern
Type
310
Section 13.8.3, "Extension
Constraint".
Example 13.1, "Default Subject Alternative
Constraint".