Hi Sami, guid is not a supported extension by OpenSSL and OpenXPKI can not handle it natively.
You can add a GUID using the "free oid" syntax like described here: https://github.com/openxpki/openxpki-config/blob/community/config.d/realm.tpl/profile/sample.yaml#L183 If you need a dynmaic guid you need to rework the workflows and use this class: https://github.com/openxpki/openxpki/blob/develop/core/server/OpenXPKI/Server/Workflow/Activity/Tools/AddCertExtension.pm Oliver Am 22.01.22 um 13:13 schrieb Sami Hulkko: > > Hi, > > Is there any support for Ms GUID? I got the alt name working with: > > snip (some_tls_request_type.yaml): > > san: > > - san_guid > > ... > > enroll: > > subject: > > san: > > dns: ..... > > guid: "[% FOREACH entry....]" //like DNS or IP > > - snip > > > and creating specific template san_guid.yaml based on other > san_xxx.yaml files with id guid. > > the certificate provisioning goes forward up to key generation and at > PKS10 it fails for unknown reason. It seens that the san_guid is > missing identifier for cert_subject_alt_name: > > [object] > > [ > "", //empty > "guid string HEX" > ] > > while DNS: > > [ > "DNS", /has DNS field > "somesystem.com" > ] > > I just wonder where these are defined? > -- > Sami Hulkko > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin!
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
