View Issue Details

IDProjectCategoryView StatusLast Update
0001151Main CAcert Websitecertificate issuingpublic2013-03-05 12:44
Reporteroej Assigned To 
Status newResolutionopen 
Summary0001151: Support SIP URI in subject alt names
DescriptionSIP DOmain certificates, specified in RFC 5922, use a Subject Alt name of type URI. For a certificate for, the URI would be Even if a CSR contains this URI today, CAcert strips these SANs away.

I would like to suggest that we keep the URI's that match the domain name in the CN, even if CN is not used in SIP in this case. That's a first step to getting SIP URIs in the CAcert certificates, and a rather simple one.
In short:
- If we issue a cert for, also approve as a SAN URI.
- If we issue a cert for CN, also approv as a SAN URI.
Additional InformationA cert with a CN being could have SAN URIs for Since these does not match, it's harder to find a way to validate, but still possible.

A cert with a CN being could have SAN URIs for other domains, like and and

This could be a bit trickier, so I suggest we look into a simple first step.

(Sorry if posting in the wrong section and category, found it hard to find the right "home" for this issue. Got recommended to file an issue in the bug tracker at FosDEM).
TagsNo tags attached.
Reviewed by
Test Instructions


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2013-03-05 12:44 oej New Issue