GUID and UPN were removed from OpenXPKI in Jan 2019. I am currently using the
3.20.0 version.
Can someone elaborate on how we can add UPN to our PKI setup?
Regards
Scotty
On Wednesday, 7 September 2022 at 05:23:14 pm GMT+5, Sami Hulkko
<[email protected]> wrote:
Hi,
...
style:
...
    enroll:
        subject:
            dn: CN=[% CN.0 %],DC=...,DC=...
            san:
                dns: "[% FOREACH entry = SAN_DNS %][% entry.lower %] | [% END %]"
                otherName: "1.3.6.1.4.1.311.25.1:<HEX code in this case of DC GUID>"
...
extensions:
    key_usage:
        critical: 1
        digital_signature: 1
        key_encipherment: 1
        non_repudiation: 1
    extended_key_usage:
        critical: 0
        client_auth: 1
        server_auth: 1
        #msKDC certification
        1.3.6.1.5.2.3.5: 1
        #Subject Alt Name UPN OtherName
        1.3.6.1.4.1.311.20.2.3: 1
        #Guid
        1.3.6.1.4.1.311.25.1: 1
        #id DomainController for MS template name to be able to insert
        #it in MS Domain Controllers cert store. Samba not needed.
        1.3.6.1.4.1.311.20.2: 1
    oid:
        1.3.6.1.4.1.311.20.2:
            critical: 0
            format: ASN1
            encoding: UTF8String
            value: DomainController

On 07/09/2022 14:28, Scott Thomas via OpenXPKI-users wrote:
Bonjour,
I tried it but couldn't succeed. Can you please share your exact
modification?
Regards Scotty
On Wednesday, 19 May 2021 at 09:59:03 pm GMT+5, Michal Moravec
<[email protected]> wrote:
Hi there,
I have been recently configuring this. See default profiles/sample.yaml
You need to specify otherName by specific OID inside SAN like this:

    subject:
        san:
            otherName: "1.3.6.1.4.1.311.20.2.3;UTF8:[% VARIABLE_WITH_UPN %]"

Also you need to add SMARTCARD logon capability to the extended_key_usage:

    extended_key_usage:
        1.3.6.1.4.1.311.20.2.2: 1

I found out there used to be a predefined variable for UPN but it got removed
https://github.com/openxpki/openxpki/commit/230bc37dfcf30586c98d58a66d96c32ea69e1796
Not sure why.
Best regards,
Michal Moravec | Apple system administrator
Logicworks, s.r.o.
Argentinská 1621/36, Praha 7
www.logicworks.cz | 778745013
On 19. 5. 2021, at 18:34, Scott Thomas via OpenXPKI-users
<[email protected]> wrote:
Hi,
I want to add a UPN name or Principal Name (the same as an email and used in
MS Smart Card Logon) in the SAN (subject alternative name) of my
/etc/openxpki/config.d/realm.tpl/profile/user_auth_enc.yaml.bak profile. How
can I do this?
Regards
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Me worry? That's why my first CD was Peter Gabriel SO....
Sami Hulkko
[email protected]
[email protected]
[email protected]
+358 45 85693 919
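
Added example, not part of the original thread and not OpenXPKI code: the otherName entry from Michal Moravec's reply (OID 1.3.6.1.4.1.311.20.2.3 with a UTF8 value) written out as the DER it becomes inside the subjectAltName extension, with a parser for confirming that an issued certificate carries the expected UPN. The function names and sample UPNs are assumptions made for illustration.

```python
# Added example, stdlib only; function names and sample UPNs are illustrative.
UPN_OID = "1.3.6.1.4.1.311.20.2.3"  # UPN otherName OID quoted in the thread

def tlv(tag, content):  # one DER tag-length-value, short or long length form
    n = len(content)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def encode_oid(dotted):  # base-128 arcs, continuation bit on all but the last byte
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while (arc := arc >> 7):
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def encode_other_name(upn):
    """GeneralName otherName: [0] { OID, [0] EXPLICIT UTF8String }."""
    value = tlv(0xA0, tlv(0x0C, upn.encode("utf-8")))
    return tlv(0xA0, encode_oid(UPN_OID) + value)

def read_tlv(buf, pos):  # returns (tag, content, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def extract_upns(san_der):
    """List every UPN otherName inside a DER subjectAltName value."""
    tag, names, _ = read_tlv(san_der, 0)
    if tag != 0x30:
        raise ValueError("subjectAltName must be a SEQUENCE")
    upns, pos = [], 0
    while pos < len(names):
        tag, body, pos = read_tlv(names, pos)
        if tag != 0xA0:                      # e.g. 0x82 is a dNSName entry
            continue
        _, oid, nxt = read_tlv(body, 0)
        if oid == encode_oid(UPN_OID)[2:]:   # skip other otherName types
            inner_tag, text, _ = read_tlv(read_tlv(body, nxt)[1], 0)
            if inner_tag != 0x0C:
                raise ValueError("UPN value is not a UTF8String")
            upns.append(text.decode("utf-8"))
    return upns
```

To check a real certificate, pass `extract_upns` the raw value of its subjectAltName extension (OID 2.5.29.17) and compare the result with the UPN that was requested.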