Bug 492372 - For extension profiles chapter: add what possible tokens can be used with each default
For extension profiles chapter: add what possible tokens can be used with eac...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Certificate System
Classification: Red Hat
Component: Doc-administration-guide (Show other bugs)
8.0
All Linux
high Severity medium
: rc
: ---
Assigned To: Deon Ballard
Joshua Wulf
: Documentation
Depends On:
Blocks: 443788
  Show dependency treegraph
 
Reported: 2009-03-26 12:34 EDT by Deon Ballard
Modified: 2017-04-10 10 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-11-12 21:18:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Deon Ballard 2009-03-26 12:34:49 EDT
For each default, there needs to be information on what patterns or tokens can be used as values. For example, for the subjectaltname default: 
http://elladeon.fedorapeople.org/RHCS/8.0/admin/Administration_Guide-Certificate_and_CRL_Extensions.html#Administration_Guide-Defaults_Reference-Subject_Alternative_Name_Extension_Default

policyset.serverCertSet.9.default.params.subjAltExtPattern_0=$request.requester_email$
policyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.SAN1$

What are the possible values for each subjAltExtPattern_# parameter? That needs to be added. 

This needs done for both CA profiles and TPS profiles (see bug 488624).
Comment 1 Deon Ballard 2009-06-19 18:21:21 EDT
I added the table to the default section:
http://elladeon.fedorapeople.org/RHCS/8.0/admin/Certificate_and_CRL_Extensions.html#Subject_Alternative_Name_Extension_Default

I also tried to make the existing section on inserting LDAP attributes in the subjaltname (which had this table of tokens already) more prominent in the docs:
http://elladeon.fedorapeople.org/RHCS/8.0/admin/Managing_Subject_Names_and_Subject_Alternative_Names.html#Populating_Certificates_with_Directory_Attributes

That's in a new (major) section on managing the subject name/subjaltname.

I've sent an email out to the engineers to make sure all of the possible tokens are included. 

Also, I'm not sure about the second section, on LDAP attributes, because I also included the UUID token in there. It seems appropriate to me, but I don't know if there is a whole slew of non-LDAP tokens available for the subjaltname that it belongs to, instead. If that's the case, I'll change the docs accordingly.

For now, changing to modified.
Comment 3 Andrew Ross 2009-11-12 20:21:03 EST
Deon,

Any feedback from eng re LDAP attributes in comment #1 ?

Thanks

Andrew
Comment 4 Deon Ballard 2009-11-12 20:30:31 EST
Andrew, 

I *believe* that was covered in the tech reviews for admin chapter 2, in bug 510625. Don't hold me to it, though.
Comment 5 Andrew Ross 2009-11-12 21:18:57 EST
Thanks Deon,

comment #7 of bug 510625 :)

Cool, then we can close this one.

Note You need to log in before you can comment on or make changes to this bug.