View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001214 | Main CAcert Website | certificate issuing | public | 2013-09-29 10:21 | 2013-11-20 22:27 |
| Reporter | hhristov | Assigned To | NEOatNHNG | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | duplicate | ||
| Summary | 0001214: Extended validity certificates don't have the same Subject Alt Name as newly created certificates | ||||
| Description | I have a certificate for the domain hhristov.tk, with CN "hhristov.tk" and Subject Alternative Name "hhristov.tk" and "*.hhristov.tk". --------------- # openssl req -text -noout -in hhristov_csr.pem Certificate Request: Data: ... Subject: CN=hhristov.tk ... Attributes: Requested Extensions: X509v3 Subject Alternative Name: DNS:*.hhristov.tk, DNS:hhristov.tk --------------- The initially issued certificate has the correct Subject Alternative Name: --------------- # openssl x509 -noout -text -in hhristov_certificate.pem Certificate: Data: ... Subject: CN=hhristov.tk ... X509v3 extensions: ... X509v3 Subject Alternative Name: DNS:hhristov.tk, othername:<unsupported>, DNS:*.hhristov.tk, othername:<unsupported>, DNS:hhristov.tk, othername:<unsupported> --------------- However when I extend the validity of the certificate, the new certificate no longer has "hhristov.tk" in Subject Alternative Name, and Firefox complains that the certificate is not valid for hhristov.tk. --------------- # openssl x509 -noout -text -in hhristov_extended.pem Certificate: Data: ... Subject: CN=hhristov.tk ... X509v3 extensions: ... X509v3 Subject Alternative Name: DNS:*.hhristov.tk --------------- | ||||
| Steps To Reproduce | Create a certificate with CN example.com and Subject Alternative Name "example.com" and "*.example.com". At the end of the validity period renew the certificate. The resulting certificate doesn't have "example.com" in Subject Alternative Name. | ||||
| Tags | No tags attached. | ||||
| Reviewed by | |||||
| Test Instructions | |||||
| duplicate of | 0000440 | closed | NEOatNHNG | Problem with subjectAltName |
| duplicate of | 0001035 | closed | CN gets deleted from subjectAltName on cert renewal | |
| duplicate of | 0000768 | closed | CAcert adds CommonName to SubjectAltName, although it's already there | |
| child of | 0001101 | needs work | TimoAHummel | general rewrite of get info from csr routine in includes/general.php |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2013-09-29 10:21 | hhristov | New Issue | |
| 2013-09-29 16:26 | Uli60 | Relationship added | duplicate of 0000440 |
| 2013-09-29 16:27 | Uli60 | Relationship added | duplicate of 0001035 |
| 2013-09-29 16:27 | Uli60 | Relationship added | duplicate of 0000768 |
| 2013-09-29 16:28 | Uli60 | Relationship added | related to 0001101 |
| 2013-09-29 16:28 | Uli60 | Relationship deleted | related to 0001101 |
| 2013-09-29 16:28 | Uli60 | Relationship added | child of 0001101 |
| 2013-11-20 22:27 | NEOatNHNG | Status | new => closed |
| 2013-11-20 22:27 | NEOatNHNG | Assigned To | => NEOatNHNG |
| 2013-11-20 22:27 | NEOatNHNG | Resolution | open => duplicate |
