View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000672Main CAcert Websitecertificate issuingpublic2009-01-29 21:542012-03-22 11:13
Reporteriang Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
Summary0000672: RFC5280 deprecates EmailAddress= in certificates, wants subjectAltName= instead
DescriptionEmailAddress is deprecated under RFC5280 http://tools.ietf.org/html/rfc5280#section-4.2.1.6 and its predecessors.

subjectAltName is supposed to be used instead.
Additional InformationCPS3.1.1 is currently being reviewed for DRAFT and wants to get rid of old stuff.
TagsNo tags attached.
Reviewed by
Test Instructions

Relationships

related to 0000440 closedNEOatNHNG Problem with subjectAltName 

Activities

Daniel Black

2009-05-17 12:09

reporter   ~0001408

this also means SSO needs to be dropped or replaced with some RFC compliant mechanism. Currently it sets a email address to a sha1 of a random number.

Uli60

2012-01-06 01:38

updater   ~0002765

report by mk 2012-01-06

I've renewed cert s/n 0xa6422 to s/n 0xb2170 and my SAN changed.
Previously it supported DNS:www.mydomain.tld, mydomain.tld now it has
only DNS:mydomain.tld.

I found this thread in the archives:

https://lists.cacert.org/wws/arc/cacert-support/2009-05/msg00118.html

and it looks like the issue happen in the past and should be fixed,
however I've renewed my certificate last month and today I've noticed
the problem on my server.

Did the bug came back again or is this behaviour intentional? Please
advise.

--
best regards
q#

NEOatNHNG

2012-01-06 12:10

administrator   ~0002766

0000672:0002765 Looks like the first SAN gets dropped on renewal. Can you please test whether this intuition is true (e.g. generate server certs with foo.mydomain.tld, bar.mydomain.tld in SAN and then renew it)? However this seems unrelated to the original bug topic.

The original topic should be solved by now (for client certs, SSO not yet resolved). The EmailAddress is still included for backward compatibility but SAN is also set.

Issue History

Date Modified Username Field Change
2009-01-29 21:54 iang New Issue
2009-05-17 12:09 Daniel Black Note Added: 0001408
2012-01-06 01:38 Uli60 Note Added: 0002765
2012-01-06 12:10 NEOatNHNG Note Added: 0002766
2012-01-08 23:21 Uli60 Relationship added related to 0000440