View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000099Main CAcert Websiteorganisational sectionpublic2005-11-29 05:122013-11-20 22:23
Reporterhomer Assigned Toduane  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionduplicate 
Fixed in Version2006 
Summary0000099: Organisational Server Certs do not include Organisation pieces of Information
DescriptionI tested, in July, the organisation client certificates, they looked fine.

But recently, the admin of Polyware reported there is no extra info in the server cert.

After I've tested the "Polyware" account as org admin, I've tested today the "ISEANE" account, still no info.

No matter if you add or not the org info in the CSR, if the domain name is valid, after you choose the certificate class (1 or 3), you insert the CSR block, then you click on "Submit", then the org info appear on the web page. After you've validated the whole thing you get the signed cert.

Unfortunately, each time I've tested (4 or 5 times), the org server cert only contained the Domain Name (CN)
TagsNo tags attached.
Reviewed by
Test Instructions

Relationships

duplicate of 0000084 closed Organisational web certs do not include any attributes besides CN 

Activities

homer

2005-12-01 04:07

reporter   ~0000048

test with evaldo's script

the screen properly shows the page with the organisation's attributes

[gr@gr Pauline 0/0]$ openssl req -in ../_csr.pem -text
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=*.iseane.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:a2:6e:46:7f:43:0e:78:0d:93:4f:ff:8c:4b:78:
                    7f:8e:6a:9f:cd:b8:d7:48:cb:49:e6:e9:4a:f7:cd:
                    92:bd:26:a8:10:5e:bc:6d:cc:9d:f7:2a:b5:99:0f:
                    4c:cf:79:39:79:3c:0c:4e:ae:a8:82:8d:bf:3c:7e:
                    8e:f3:2b:6f:ca:42:af:31:25:6f:6d:70:f9:3a:87:
                    93:b9:26:2b:1e:d7:8b:cd:ac:99:7f:32:e7:24:58:
                    0e:84:66:72:e9:99:a6:e1:54:9c:63:34:e4:1a:4a:
                    e2:f1:38:c8:e5:24:5d:46:3f:b3:f5:0f:d0:f2:65:
                    f5:15:2b:44:bf:a1:80:97:84:e7:e0:68:74:db:f7:
                    e4:f6:df:9f:50:08:f1:fe:29:9c:ef:19:8b:30:e5:
                    a9:81:61:b9:f5:01:55:b7:c8:e3:fb:f5:4a:83:96:
                    12:20:21:79:a1:75:61:b8:32:dc:cb:ad:c9:50:39:
                    15:48:f3:61:98:32:96:64:84:62:d8:18:2e:08:24:
                    6c:b9:e0:b6:d9:c5:9e:0b:9f:85:79:2e:62:99:e5:
                    31:6c:c5:33:d9:0d:56:50:8a:22:7d:07:05:19:97:
                    56:62:c1:da:46:0d:6c:6f:6e:5b:b8:b2:02:50:69:
                    77:50:49:86:6b:0e:51:18:68:c5:f0:b9:ce:28:01:
                    d9:ad
                Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
            X509v3 Subject Alternative Name:
                DNS:*.iseane.com
    Signature Algorithm: sha1WithRSAEncryption
        89:fa:bf:ba:c0:5b:0e:d2:c1:b8:af:7b:e1:8f:82:b4:fc:c3:
        7b:cc:c7:21:2b:91:4d:85:bb:e3:9a:37:2d:e3:de:d1:75:cd:
        9b:61:b1:53:42:07:92:5a:ef:3e:97:0e:4a:28:fd:61:1a:a3:
        67:9b:04:1b:0e:2a:2f:87:5c:ce:13:54:35:04:e5:42:c3:9d:
        3d:80:0b:99:2d:c3:56:0e:d1:db:ba:0a:28:6e:7e:08:87:c3:
        22:75:97:f8:06:5f:1d:1d:1c:52:85:24:d3:07:ed:28:53:00:
        2a:05:3a:33:43:20:8f:9b:e4:87:d2:a7:37:8e:25:eb:e4:32:
        96:0b:e9:10:f7:25:38:9c:c1:55:97:a0:14:b6:68:35:f5:33:
        24:9b:b1:6e:d0:f0:0c:95:a8:b9:01:b7:05:52:5a:13:4a:56:
        09:9c:fe:d9:65:af:84:41:28:fc:bf:5e:a3:cc:ea:19:6c:52:
        31:11:3e:c8:55:7d:97:8e:0c:92:1a:f5:80:18:18:c6:fe:56:
        e9:f2:22:d2:5f:4f:a1:ef:97:7c:af:ad:7e:03:f6:da:89:ce:
        e2:ee:d3:c9:f8:ba:26:b4:9c:8c:35:29:76:70:cc:ce:b3:d1:
        a0:49:92:17:60:b6:ab:58:9a:49:82:81:a4:b2:fd:46:90:3c:
        ec:20:55:8a
-----BEGIN CERTIFICATE REQUEST-----
MIIChjCCAW4CAQAwFzEVMBMGA1UEAxQMKi5pc2VhbmUuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAom5Gf0MOeA2TT/+MS3h/jmqfzbjXSMtJ5ulK
982SvSaoEF68bcyd9yq1mQ9Mz3k5eTwMTq6ogo2/PH6O8ytvykKvMSVvbXD5OoeT
uSYrHteLzayZfzLnJFgOhGZy6Zmm4VScYzTkGkri8TjI5SRdRj+z9Q/Q8mX1FStE
v6GAl4Tn4Gh02/fk9t+fUAjx/imc7xmLMOWpgWG59QFVt8jj+/VKg5YSICF5oXVh
uDLcy63JUDkVSPNhmDKWZIRi2BguCCRsueC22cWeC5+FeS5imeUxbMUz2Q1WUIoi
fQcFGZdWYsHaRg1sb25buLICUGl3UEmGaw5RGGjF8LnOKAHZrQIDAQABoCowKAYJ
KoZIhvcNAQkOMRswGTAXBgNVHREEEDAOggwqLmlzZWFuZS5jb20wDQYJKoZIhvcN
AQEFBQADggEBAIn6v7rAWw7Swbive+GPgrT8w3vMxyErkU2Fu+OaNy3j3tF1zZth
sVNCB5Ja7z6XDkoo/WEao2ebBBsOKi+HXM4TVDUE5ULDnT2AC5ktw1YO0du6Cihu
fgiHwyJ1l/gGXx0dHFKFJNMH7ShTACoFOjNDII+b5IfSpzeOJevkMpYL6RD3JTic
wVWXoBS2aDX1MySbsW7Q8AyVqLkBtwVSWhNKVgmc/tllr4RBKPy/XqPM6hlsUjER
PshVfZeODJIa9YAYGMb+VunyItJfT6Hvl3yvrX4D9tqJzuLu08n4uia0nIw1KXZw
zM6z0aBJkhdgtqtYmkmCgaSy/UaQPOwgVYo=
-----END CERTIFICATE REQUEST-----


[gr@gr Pauline 0/0]$ openssl x509 -in eva1.crt -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 110482 (0x1af92)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
        Validity
            Not Before: Nov 30 16:53:19 2005 GMT
            Not After : Nov 30 16:53:19 2007 GMT
        Subject: CN=*.iseane.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:a2:6e:46:7f:43:0e:78:0d:93:4f:ff:8c:4b:78:
                    7f:8e:6a:9f:cd:b8:d7:48:cb:49:e6:e9:4a:f7:cd:
                    92:bd:26:a8:10:5e:bc:6d:cc:9d:f7:2a:b5:99:0f:
                    4c:cf:79:39:79:3c:0c:4e:ae:a8:82:8d:bf:3c:7e:
                    8e:f3:2b:6f:ca:42:af:31:25:6f:6d:70:f9:3a:87:
                    93:b9:26:2b:1e:d7:8b:cd:ac:99:7f:32:e7:24:58:
                    0e:84:66:72:e9:99:a6:e1:54:9c:63:34:e4:1a:4a:
                    e2:f1:38:c8:e5:24:5d:46:3f:b3:f5:0f:d0:f2:65:
                    f5:15:2b:44:bf:a1:80:97:84:e7:e0:68:74:db:f7:
                    e4:f6:df:9f:50:08:f1:fe:29:9c:ef:19:8b:30:e5:
                    a9:81:61:b9:f5:01:55:b7:c8:e3:fb:f5:4a:83:96:
                    12:20:21:79:a1:75:61:b8:32:dc:cb:ad:c9:50:39:
                    15:48:f3:61:98:32:96:64:84:62:d8:18:2e:08:24:
                    6c:b9:e0:b6:d9:c5:9e:0b:9f:85:79:2e:62:99:e5:
                    31:6c:c5:33:d9:0d:56:50:8a:22:7d:07:05:19:97:
                    56:62:c1:da:46:0d:6c:6f:6e:5b:b8:b2:02:50:69:
                    77:50:49:86:6b:0e:51:18:68:c5:f0:b9:ce:28:01:
                    d9:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            Authority Information Access:
                OCSP - URI:http://ocsp.cacert.org

            X509v3 Subject Alternative Name:
                DNS:*.iseane.com
    Signature Algorithm: sha1WithRSAEncryption
        4a:bb:d1:21:7b:9a:61:8f:b6:4e:21:8b:04:39:49:85:06:c2:
        48:de:0c:38:62:08:08:ed:de:36:80:cf:25:70:95:29:b1:a7:
        35:65:cf:02:bf:9a:22:54:00:f5:7f:47:5a:28:06:b9:c9:5a:
        ab:13:f9:09:2a:47:b6:af:a2:7d:55:0d:8b:38:7c:44:42:c3:
        03:46:2c:eb:f5:85:01:82:ce:90:ec:68:05:d5:30:8f:6e:69:
        ca:5a:2a:1e:d0:fe:ed:3f:02:40:68:19:91:14:77:ff:ac:4c:
        4e:82:03:d3:2e:30:68:f2:39:55:e7:1a:18:7b:ce:ac:a8:b6:
        f5:c5:e3:1b:05:8c:71:c8:0b:b0:40:de:b4:c1:34:8c:93:c7:
        a2:0c:76:41:03:39:28:61:4e:d9:8e:c9:c8:f8:3c:a3:e7:b0:
        f5:2d:7a:f6:55:0c:fa:03:21:e8:c8:f6:74:90:a5:ce:ae:f2:
        88:46:ee:3d:f7:de:f8:1a:3c:0a:3b:66:89:6a:52:49:81:51:
        f1:c3:68:04:37:3a:b2:e2:e5:33:b5:f7:68:51:ad:e7:af:ed:
        f2:6a:6b:4e:36:5e:70:b9:8a:c1:5a:23:e5:c5:a6:f3:11:77:
        b8:88:a2:13:c8:8d:80:8e:b0:1b:62:1c:5e:1c:51:a0:c1:84:
        68:c0:99:1d:ee:bf:a2:f3:07:cc:cd:f9:62:6d:b3:71:45:24:
        3d:2a:7a:fa:11:40:5c:8a:6e:69:7e:87:76:d0:71:36:91:8f:
        6c:7e:ba:21:0f:fa:91:cf:4c:8a:6c:f3:ab:b2:e7:db:65:43:
        36:f1:2a:2f:0d:f9:fd:e9:d5:e5:87:f9:71:c2:51:6b:aa:a4:
        78:1c:4c:c9:e2:51:90:e5:54:7e:d0:70:b6:3a:d0:64:56:92:
        5d:8a:a0:8a:e2:93:c4:23:2c:3e:10:6e:61:5f:da:7c:89:19:
        4f:3a:4e:dc:8f:c6:8b:2e:1b:ee:fe:ed:df:98:d9:e2:9e:a9:
        a6:72:58:76:df:0a:88:ec:e5:8c:2f:db:2a:08:67:47:23:a6:
        8c:cd:f5:d5:01:fb:42:2b:72:e1:63:34:4b:95:5e:67:f1:12:
        cc:ac:35:7d:44:0f:0c:0e:6b:0a:29:7b:15:ef:ee:a8:bf:fc:
        1a:77:39:e0:24:9d:0b:81:78:0b:6b:90:ea:9b:b0:3a:b7:a0:
        ef:a1:5d:1f:0b:ba:37:1b:f7:16:fc:37:3c:46:84:91:4c:73:
        64:55:2b:16:66:85:ac:37:3f:88:03:dc:9c:8b:23:a3:44:3c:
        d7:53:f4:60:76:82:e3:d9:d1:37:b4:2e:75:2e:94:c1:68:5c:
        b8:57:6a:da:44:88:69:19
-----BEGIN CERTIFICATE-----
MIIErzCCApegAwIBAgIDAa+SMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTA1MTEzMDE2NTMxOVoXDTA3MTEzMDE2NTMxOVowFzEV
MBMGA1UEAxQMKi5pc2VhbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAom5Gf0MOeA2TT/+MS3h/jmqfzbjXSMtJ5ulK982SvSaoEF68bcyd9yq1
mQ9Mz3k5eTwMTq6ogo2/PH6O8ytvykKvMSVvbXD5OoeTuSYrHteLzayZfzLnJFgO
hGZy6Zmm4VScYzTkGkri8TjI5SRdRj+z9Q/Q8mX1FStEv6GAl4Tn4Gh02/fk9t+f
UAjx/imc7xmLMOWpgWG59QFVt8jj+/VKg5YSICF5oXVhuDLcy63JUDkVSPNhmDKW
ZIRi2BguCCRsueC22cWeC5+FeS5imeUxbMUz2Q1WUIoifQcFGZdWYsHaRg1sb25b
uLICUGl3UEmGaw5RGGjF8LnOKAHZrQIDAQABo4GhMIGeMAwGA1UdEwEB/wQCMAAw
NAYDVR0lBC0wKwYIKwYBBQUHAwIGCCsGAQUFBwMBBglghkgBhvhCBAEGCisGAQQB
gjcKAwMwCwYDVR0PBAQDAgWgMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
aHR0cDovL29jc3AuY2FjZXJ0Lm9yZzAXBgNVHREEEDAOggwqLmlzZWFuZS5jb20w
DQYJKoZIhvcNAQEFBQADggIBAEq70SF7mmGPtk4hiwQ5SYUGwkjeDDhiCAjt3jaA
zyVwlSmxpzVlzwK/miJUAPV/R1ooBrnJWqsT+QkqR7avon1VDYs4fERCwwNGLOv1
hQGCzpDsaAXVMI9uacpaKh7Q/u0/AkBoGZEUd/+sTE6CA9MuMGjyOVXnGhh7zqyo
tvXF4xsFjHHIC7BA3rTBNIyTx6IMdkEDOShhTtmOycj4PKPnsPUtevZVDPoDIejI
9nSQpc6u8ohG7j333vgaPAo7ZolqUkmBUfHDaAQ3OrLi5TO192hRreev7fJqa042
XnC5isFaI+XFpvMRd7iIohPIjYCOsBtiHF4cUaDBhGjAmR3uv6LzB8zN+WJts3FF
JD0qevoRQFyKbml+h3bQcTaRj2x+uiEP+pHPTIps86uy59tlQzbxKi8N+f3p1eWH
+XHCUWuqpHgcTMniUZDlVH7QcLY60GRWkl2KoIrik8QjLD4QbmFf2nyJGU86TtyP
xosuG+7+7d+Y2eKeqaZyWHbfCojs5Ywv2yoIZ0cjpozN9dUB+0IrcuFjNEuVXmfx
EsysNX1EDwwOawopexXv7qi//Bp3OeAknQuBeAtrkOqbsDq3oO+hXR8Lujcb9xb8
NzxGhJFMc2RVKxZmhaw3P4gD3JyLI6NEPNdT9GB2guPZ0Te0LnUulMFoXLhXatpE
iGkZ
-----END CERTIFICATE-----

homer

2005-12-01 04:50

reporter   ~0000050

tested with the FSFE account that has a valid SSL cert with all the info... not working...

homer

2005-12-04 04:21

reporter   ~0000066

The cert of FSFE in July was fine.

see https://www.fsfe.org/

duane

2006-08-14 05:58

developer   ~0000430

Duplicate of bug 0000084

Issue History

Date Modified Username Field Change
2005-11-29 05:12 homer New Issue
2005-12-01 04:07 homer Note Added: 0000048
2005-12-01 04:12 homer Assigned To => duane
2005-12-01 04:12 homer Reproducibility sometimes => always
2005-12-01 04:12 homer Status new => needs work
2005-12-01 04:50 homer Note Added: 0000050
2005-12-04 04:21 homer Note Added: 0000066
2006-08-14 05:57 duane Relationship added duplicate of 0000084
2006-08-14 05:58 duane Status needs work => closed
2006-08-14 05:58 duane Note Added: 0000430
2006-08-14 05:58 duane Resolution open => duplicate
2013-01-13 15:47 Werner Dworak Fixed in Version => 2006
2013-11-20 22:23 NEOatNHNG View Status private => public