View Issue Details

IDProjectCategoryView StatusLast Update
0000555Main CAcert Websitecertificate issuingpublic2013-01-15 02:28
Reporteruser483Assigned To 
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Fixed in Version2008 
Summary0000555: Impossible to create client certificate with no mailaddress
DescriptionDuring creation of clientcertificates the user can choose what mailaddresses to include into the certificate.

The text displayed states: "[..] you can also issue
certificates with no email addresses that are useful only for Authentication."

In case one tries to create such a client certificate, an error is returned no matter whether an the optional CSR was pasted into the proper field or not).

"I didn't receive a valid Certificate Request, hit the back button and try again."

As a result it is currently not possible to create client certificates without mailaddress inside (i.e. for login purpose only).
TagsNo tags attached.
Reviewed by
Test Instructions

Activities

C_A

2008-05-21 23:13

reporter   ~0001083

Hi emjay,

do you still have problems with generating an certificate without an email address?

I just tried to generate such an certificate and it worked fine for me.
At the end I had a Certificate with
CN = CAcert WoT User

My selections for the 3 radio buttons:
1. sign with class 3 root certificate
2. no name
3. add Single-Sign-On ID (with "no Single-Sign-On ID" it didn't work for me)
4. no csr pasted

hope this helps

btw: I am not a member of staff
(just another CAcert user)

user483

2008-05-22 09:10

  ~0001084

Hi C_A,

seems like you are right, with "Single-Sign-On ID" it seems to work, while it doesnt without it. I only tried the later, because that was what i wanted to have. So seems like you've narrowed the bug down.

regards,

Emjay

user483

2008-05-22 09:18

  ~0001085

It's not a bug - it's a feature! I only got the Warning message wrong:

"By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue
certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our
WIKI about it."

user483

2008-05-22 09:18

  ~0001086

My bad.

Issue History

Date Modified Username Field Change
2008-05-15 15:03 user483 New Issue
2008-05-21 23:13 C_A Note Added: 0001083
2008-05-22 09:10 user483 Note Added: 0001084
2008-05-22 09:18 user483 Note Added: 0001085
2008-05-22 09:18 user483 Status new => closed
2008-05-22 09:18 user483 Note Added: 0001086
2008-05-22 09:18 user483 Resolution open => fixed
2013-01-15 02:28 Werner Dworak Fixed in Version => 2008