Define template fields in the ui.subject section of you profile and use them in the
rendering information in subject.san the same way you do for the subject.
dn: CN=[% hostname %][% IF port AND port != 443 %]:[% port %][% END %],DC=Test Deployment,DC=OpenXPKI,DC=org
- "[% hostname %]"
- "[% FOREACH entry = hostname2 %][% entry %]|[% END %]"
This will end up with a certificate which has the hostname as CN and
additionally copied to the SAN. A second hostname is also put into the SAN
section, empty or duplicate values are purged, in case that hostname2
is an array (multi input field), you need to use a foreach loop and end
each entry with the pipe symbol |. Hint: The foreach loop automagically
degrades if the given value is a scalar or even undef, so use foreach
whenever a list is possible.
Templated entries are displayed to the user during request but can not be
removed by the user.
To enable free SAN entries add a section ui.san next to you ui.subject. The
form fields MUST have a key that fits any of the allowed SAN items (e.g DNS,
IP, OID) and the value must be given in the approriate format for this item.
The users input is mapped without further templating to the san section of the
certificate (duplicate items and and leading/trailing whitespace are removed).
Note: If you upload a PKCS10 request having SANs, those ones that match the
available type are prefilled. Items that do not match a defined type are
# In the style definition
# In the template section
The above code will present the user up to 20 fields each to enter IPs or DNS
names. Each entry will show up as is as a single san entry.