0000555: Impossible to create client certificate with no mailaddress

ID	Project	Category	View Status	Date Submitted	Last Update

0000555	Main CAcert Website	certificate issuing	public	2008-05-15 15:03	2013-01-15 02:28

Reporter	~~user483~~	Assigned To
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Fixed in Version	2008

Summary	0000555: Impossible to create client certificate with no mailaddress
Description	During creation of clientcertificates the user can choose what mailaddresses to include into the certificate. The text displayed states: "[..] you can also issue certificates with no email addresses that are useful only for Authentication." In case one tries to create such a client certificate, an error is returned no matter whether an the optional CSR was pasted into the proper field or not). "I didn't receive a valid Certificate Request, hit the back button and try again." As a result it is currently not possible to create client certificates without mailaddress inside (i.e. for login purpose only).
Tags	No tags attached.

Reviewed by
Test Instructions

C_A 2008-05-21 23:13 reporter ~0001083	Hi emjay, do you still have problems with generating an certificate without an email address? I just tried to generate such an certificate and it worked fine for me. At the end I had a Certificate with CN = CAcert WoT User My selections for the 3 radio buttons: 1. sign with class 3 root certificate 2. no name 3. add Single-Sign-On ID (with "no Single-Sign-On ID" it didn't work for me) 4. no csr pasted hope this helps btw: I am not a member of staff (just another CAcert user)

~~user483~~ 2008-05-22 09:10 ~0001084	Hi C_A, seems like you are right, with "Single-Sign-On ID" it seems to work, while it doesnt without it. I only tried the later, because that was what i wanted to have. So seems like you've narrowed the bug down. regards, Emjay

~~user483~~ 2008-05-22 09:18 ~0001085	It's not a bug - it's a feature! I only got the Warning message wrong: "By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."

~~user483~~ 2008-05-22 09:18 ~0001086	My bad.

Date Modified	Username	Field	Change
2008-05-15 15:03	~~user483~~	New Issue
2008-05-21 23:13	C_A	Note Added: 0001083
2008-05-22 09:10	~~user483~~	Note Added: 0001084
2008-05-22 09:18	~~user483~~	Note Added: 0001085
2008-05-22 09:18	~~user483~~	Status	new => closed
2008-05-22 09:18	~~user483~~	Note Added: 0001086
2008-05-22 09:18	~~user483~~	Resolution	open => fixed
2013-01-15 02:28	Werner Dworak	Fixed in Version	=> 2008