View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000799 | Main CAcert Website | public | 2009-12-10 22:12 | 2013-01-07 22:00 | |
| Reporter | oke | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| Summary | 0000799: Repeated CN in SAN in original CSR and produced in 1st received CRT is removed when CRT is renewed | ||||
| Description | The original CSR has been following (domain names have been changed into examples): Subject: CN=*.abc.com X509v3 Subject Alternative Name: DNS:abc.com, DNS:*.def.com, DNS:def.com The first CRT received from CAcert: Subject: CN=*.abc.com X509v3 Subject Alternative Name: DNS:*.abc.com, othername:<unsupported>, DNS:abc.com, othername:<unsupported>, DNS:*.def.com, othername:<unsupported>, DNS:def.com, othername:<unsupported> Note that the bogus information in the SAN has already been reported in issue 0000768. After renewal of CRT: Subject: CN=*.abc.com X509v3 Subject Alternative Name: DNS:abc.com, DNS:*.def.com, DNS:def.com The CN is NOT repeated in the SAN in the renewed server certificate (CRT). Hence, the renewed CRT is useless. Browsing to https://www.abc.com of this example will definitely give an error. | ||||
| Additional Information | In my original certificate signing request (CSR) the CN was not repeated in the SAN (see corrected Description). Meanwhile I made a new CSR where the CN was repeated in the SAN. The first CRT had CN repeated in the SAN resulting in twice DNS:*.abc.com in the SAN. When the CRT was renewed DNS:*.abc.com was only once in the SAN as required. | ||||
| Tags | No tags attached. | ||||
| Reviewed by | |||||
| Test Instructions | |||||
| related to | 0001035 | closed | CN gets deleted from subjectAltName on cert renewal | |
| related to | 0001101 | needs work | TimoAHummel | general rewrite of get info from csr routine in includes/general.php |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2009-12-10 22:12 | oke | New Issue | |
| 2009-12-15 09:53 | oke | Description Updated | |
| 2009-12-15 09:53 | oke | Additional Information Updated | |
| 2011-10-23 12:26 | rastik | Note Added: 0002632 | |
| 2012-01-25 17:17 | NEOatNHNG | Project | bugs.cacert.org => Main CAcert Website |
| 2012-05-01 14:28 | mutax | Relationship added | related to 0001035 |
| 2013-01-07 22:00 | Werner Dworak | Relationship added | related to 0001101 |
