Hello, I'm having some trouble implementing SAN in my certificates.
The profile I'm currently using (I omitted the company name):

```
# The name of the file equals the name of the profile

label: Example Internal TLS Server Certificate

validity:
    notafter: +050000

style:
    05_advanced_style:
        label: I18N_OPENXPKI_UI_PROFILE_ADVANCED_STYLE_LABEL
        description: I18N_OPENXPKI_UI_PROFILE_ADVANCED_STYLE_DESC
        ui:
            subject:
                - cn
#                - o
#                - ou
#                - dc
#                - c
            san:
                - san_dns
            info:
                - requestor_gname
                - requestor_name
                - requestor_email
                - requestor_affiliation
                - comment
        subject:
            dn: CN=[% CN %], OU=Internal,OU=IT,O=example,C=BE

    enroll:
        subject:
            dn: CN=[% CN %],OU=Internal,OU=IT,O=example,C=BE
            san:
                dns: "[% FOREACH entry = SAN_DNS %][% entry.lower %] | [% END %]"
        metadata:
            system_id: "[% data.cust_id %]"
            server_id: "[% data.server_id %]"
            entity: "[% CN.0 FILTER lower %]"

# Profile extensions - set 0/1 as needed
# Also see sections defined in default.yaml
extensions:
    key_usage:
        critical: 1
        digital_signature: 1
        non_repudiation: 0
        key_encipherment: 1
        data_encipherment: 0
        key_agreement: 0
        key_cert_sign: 0
        crl_sign: 0
        encipher_only: 0
        decipher_only: 0

    extended_key_usage:
        critical: 1
        # these are OIDs, some OIDs are known and have names
        client_auth: 0
        server_auth: 1
        email_protection: 0
        code_signing: 0
        time_stamping: 0
        ocsp_signing: 0

# end of extensions

# Define the input fields you used below here
#template:
```

However, this gives me the following error (I omitted the company name in the DN):

```
2019/09/04 13:19:20 openxpki.application.INFO persisted csr for CN=test.example.com,OU= Example ,OU=IT,O=Example,C=BE with csr_serial 3583 [pid=13267|sid=+Nku|wftype=certificate_signing_request_v2|wfid=11519]
2019/09/04 13:19:20 openxpki.application.INFO start cert issue for serial 3583, workflow 11519 [pid=13267|sid=+Nku|wftype=certificate_signing_request_v2|wfid=11519]
2019/09/04 13:19:20 system.crypto.ERROR OpenSSL error: Using configuration from /var/tmp/openxpki132672geFSqHO/openssl.cnf
Error Loading extension section v3ca
139957629179536:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:324:group=ca name=email_in_dn
139957629179536:error:22075075:X509 V3 routines:v2i_GENERAL_NAME_ex:unsupported option:v3_alt.c:550:name=dns.1
139957629179536:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=subjectAltName, value=@san_section
unable to write 'random state' [pid=13267|sid=+Nku|wftype=certificate_signing_request_v2|wfid=11519]
2019/09/04 13:19:20 openxpki.system.ERROR I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __EXIT_STATUS__ => 256 [pid=13267|sid=+Nku|wftype=certificate_signing_request_v2|wfid=11519]
2019/09/04 13:19:20 openxpki.system.ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __ERRVAL__ => I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __EXIT_STATUS__ => 256; __COMMAND__ => OpenXPKI::Crypto::Backend::OpenSSL::Command::issue_cert [pid=13267|sid=+Nku|wftype=certificate_signing_request_v2|wfid=11519]
2019/09/04 13:19:20 openxpki.application.WARN NICE issueCertificate failed but pause_on_error is requested [pid=13267|sid=+Nku|wftype=certificate_signing_request_v2|wfid=11519]
2019/09/04 13:19:20 openxpki.application.ERROR Original error: I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __ERRVAL__ => I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __EXIT_STATUS__ => 256; __COMMAND__ => OpenXPKI::Crypto::Backend::OpenSSL::Command::issue_cert [pid=13267|sid=+Nku|wftype=certificate_signing_request_v2|wfid=11519]
2019/09/04 13:19:20 openxpki.application.INFO Action global_nice_issue_certificate paused (I18N_OPENXPKI_UI_PAUSED_CERTSIGN_TOKEN_SIGNING_FAILED), wakeup 2019-09-04T11:26:07 [pid=13267|sid=+Nku|wftype=certificate_signing_request_v2|wfid=11519]
2019/09/04 13:19:20 Workflow.ERROR Caught exception from action: [Generic exception]; reset workflow to old state 'NICE_ISSUE_CERTIFICATE' [pid=13267|sid=+Nku|wftype=certificate_signing_request_v2|wfid=11519]
```

Any ideas how I solve this problem?
I tried looking at the example files, but they use references that don't seem to exist in the `template` folder.

Thanks!

Kind regards,
Artuur
_______________________________________________
OpenXPKI-users mailing list
https://lists.sourceforge.net/lists/listinfo/openxpki-users
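Added example, not part of the original post and not OpenXPKI code: a small Python triage of the OpenSSL error-queue lines from the log above, which picks out the rejected `subjectAltName` entry and compares its keyword with the GeneralName keywords that OpenSSL's config parser accepts (matched case-sensitively). The function names are hypothetical, and the sample input is copied from the log in the post.

```python
import re

# Sample input: the three OpenSSL error-queue lines from the log in the post.
SAMPLE = """\
139957629179536:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:324:group=ca name=email_in_dn
139957629179536:error:22075075:X509 V3 routines:v2i_GENERAL_NAME_ex:unsupported option:v3_alt.c:550:name=dns.1
139957629179536:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=subjectAltName, value=@san_section
"""

# GeneralName keywords OpenSSL accepts in a subjectAltName config section.
# OpenSSL compares them case-sensitively, so "DNS.1" parses and "dns.1" does not.
SAN_KEYWORDS = ("email", "URI", "DNS", "RID", "IP", "dirName", "otherName")

# Error-queue layout: id:error:code:library:function:reason:file:line:data
ERR_RE = re.compile(
    r"^(?P<tid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<data>.*)$"
)

def parse_error_queue(text):
    """Return one dict per OpenSSL error-queue line found in text."""
    return [m.groupdict() for m in map(ERR_RE.match, text.splitlines()) if m]

def check_san_keyword(name):
    """Classify a SAN section key such as 'dns.1' against SAN_KEYWORDS."""
    keyword = name.split(".", 1)[0]
    if keyword in SAN_KEYWORDS:
        return "ok", keyword
    for known in SAN_KEYWORDS:
        if known.lower() == keyword.lower():
            return "wrong-case", known
    return "unknown", None

def triage(text):
    """List (name, status, expected keyword) for each rejected SAN entry."""
    findings = []
    for err in parse_error_queue(text):
        if err["func"] == "v2i_GENERAL_NAME_ex" and err["reason"] == "unsupported option":
            fields = dict(kv.split("=", 1) for kv in err["data"].split() if "=" in kv)
            name = fields.get("name", "")
            findings.append((name, *check_san_keyword(name)))
    return findings

if __name__ == "__main__":
    for name, status, expected in triage(SAMPLE):
        hint = f" (OpenSSL expects {expected})" if expected else ""
        print(f"{name}: {status}{hint}")
```

The script only reads the OpenSSL side of the failure; how the profile's `san:` key ends up as `dns.1` in the generated `openssl.cnf` is not shown on the page.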
