Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 85


Inserting LDAP Directory Attribute Values and Other Information into the Subject Alt Name
3. To enable the CA to insert the LDAP attribute value in the certificate extension, edit the profile's configuration file, and insert a policy set parameter for an extension. For example, to insert the mail attribute value in the Subject Alternative Name extension in the caDirUser profile, do the following:

    cd /var/lib/subsystem_name/profiles/ca
    vi caDirUser.cfg

    policyset.setID.8.default.params.subjAltExtPattern_0=$request.auth_token.mail$

4. Restart the CA.

    service pki-ca restart
For this example, certificates submitted through the caDirUser profile enrollment form will have the Subject Alternative Name extension added with the value of the requester's mail LDAP attribute. For example:
Identifier: Subject Alternative Name - 2.5.29.17
Critical: no
Value:
RFC822Name: jsmith@example.com
There are many attributes which can be automatically inserted into certificates by being set as a token ($X$) in any of the Pattern_ parameters in the policy set. The common tokens are listed in Table 2.6, "Variables Used to Populate Certificates", and the default profiles contain examples for how these tokens are used.

Table 2.6. Variables Used to Populate Certificates

Policy Set Token / Description

$request.auth_token.cn$
    The LDAP common name (cn) attribute of the user who requested the certificate.

$request.auth_token.mail$
    The value of the LDAP email (mail) attribute of the user who requested the certificate.

$request.auth_token.tokenCertSubject$
    The certificate subject name.

$request.auth_token.uid$
    The LDAP user ID (uid) attribute of the user who requested the certificate.

$request.auth_token.user$

$request.auth_token.userDN$
    The user DN of the user who requested the certificate.

$request.auth_token.userid$
    The value of the user ID attribute for the user who requested the certificate.

$request.uid$
    The value of the user ID attribute for the user who requested the certificate.

$request.profileRemoteAddr$
    The IP address of the user making the request. This can be an IPv4 or an IPv6 ad
    address must be in the format n.n.n.n or n.n.n.n,m.m.m.m. For example, 128.21.3
    IPv6 address uses a 128-bit namespace, with the IPv6 address separated by colo
    For example, 0:0:0:0:0:0:13.1.68.3, FF01::43, 0:0:0:0:0:0:13.1.68.3,FFFF:FFFF:FF
    FF01::43,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FF00:0000.

$request.profileRemoteHost$
    The hostname or IP address of the user's machine. The hostname can be the fully
    and the protocol, such as http://server.example.com. An IPv4 address mu
    n.n.n.n,m.m.m.m. For example, 128.21.39.40 or 128.21.39.40,255.255.255.00. An
    bit namespace, with the IPv6 address separated by colons and the netmask sepa
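The following is an added example, not code from Red Hat Certificate System. It models what the profile step above does: it reads subjAltExtPattern_N parameters from a profile configuration, substitutes each $token$ with the value the directory authentication plug-in placed in the request, and checks the result before it would be written into a Subject Alternative Name. The configuration fragment, the auth-token values, the function names and the fail-closed handling of an unresolved token are all constructed for this example; the product's own behaviour on a missing attribute is not described on this page.

```python
"""Token substitution for a Certificate System style profile pattern (added example)."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed fragment of a caDirUser.cfg profile. Key names follow the page;
# "setID" stays a placeholder exactly as the manual writes it.
PROFILE_CFG = """\
policyset.setID.8.default.params.subjAltExtPattern_0=$request.auth_token.mail$
policyset.setID.8.default.params.subjAltExtPattern_1=$request.auth_token.uid$@example.com
policyset.setID.8.default.params.subjAltExtPattern_2=$request.profileRemoteAddr$
"""

# Constructed auth token, shaped like the values the LDAP plug-in supplies.
AUTH_TOKEN = {
    "request.auth_token.cn": "John Smith",
    "request.auth_token.mail": "jsmith@example.com",
    "request.auth_token.uid": "jsmith",
    "request.profileRemoteAddr": "128.21.39.40,255.255.255.0",
}

TOKEN_RE = re.compile(r"\$([A-Za-z0-9_.]+)\$")
PATTERN_KEY_RE = re.compile(r"\.subjAltExtPattern_(\d+)$")


def load_san_patterns(cfg_text: str) -> List[Tuple[int, str]]:
    """Return (index, pattern) pairs for every subjAltExtPattern_N key, ordered by N."""
    patterns = []
    for line in cfg_text.splitlines():
        if "=" not in line or line.lstrip().startswith("#"):
            continue
        key, value = line.split("=", 1)
        m = PATTERN_KEY_RE.search(key.strip())
        if m:
            patterns.append((int(m.group(1)), value.strip()))
    return sorted(patterns)


def expand_pattern(pattern: str, token: Dict[str, str]) -> str:
    """Replace every $name$ in the pattern with its auth-token value.

    A token the plug-in did not supply raises KeyError, so an empty SAN entry
    is never produced silently (this example's policy, an assumption).
    """
    def sub(m):
        name = m.group(1)
        if not token.get(name):
            raise KeyError(f"unresolved token ${name}$")
        return token[name]
    return TOKEN_RE.sub(sub, pattern)


def valid_remote_addr(value: str) -> bool:
    """Check the n.n.n.n or n.n.n.n,m.m.m.m form the page gives for
    profileRemoteAddr; IPv6 is accepted and a netmask is a second address
    of the same family."""
    parts = value.split(",")
    if len(parts) > 2:
        return False
    try:
        addrs = [ipaddress.ip_address(p) for p in parts]
    except ValueError:
        return False
    return len({a.version for a in addrs}) == 1


def build_san(cfg_text: str, token: Dict[str, str]) -> List[Tuple[str, str]]:
    """Expand all SAN patterns and tag each value with its general-name type."""
    names = []
    for _, pattern in load_san_patterns(cfg_text):
        value = expand_pattern(pattern, token)
        if valid_remote_addr(value):
            names.append(("IPAddress", value))
        elif re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", value):
            names.append(("RFC822Name", value))
        else:
            raise ValueError(f"value {value!r} is not a usable general name")
    return names


if __name__ == "__main__":
    # Mirrors the "Identifier: Subject Alternative Name" listing above.
    for kind, value in build_san(PROFILE_CFG, AUTH_TOKEN):
        print(f"{kind}: {value}")
```

The check matters because the pattern copies whatever the directory returns: the issued name is only as trustworthy as write access to that LDAP attribute, and a token that resolves to nothing should stop issuance rather than yield a certificate with a blank or malformed name.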