View Issue Details

IDProjectCategoryView StatusLast Update
0000799Main CAcert Websitepublic2013-01-07 22:00
Reporteroke Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
Summary0000799: Repeated CN in SAN in original CSR and produced in 1st received CRT is removed when CRT is renewed
DescriptionThe original CSR has been following (domain names have been changed into examples):
Subject: CN=*
X509v3 Subject Alternative Name:, DNS:*,

The first CRT received from CAcert:
Subject: CN=*
X509v3 Subject Alternative Name:
DNS:*, othername:<unsupported>,, othername:<unsupported>, DNS:*, othername:<unsupported>,, othername:<unsupported>

Note that the bogus information in the SAN has already been reported in issue 0000768.

After renewal of CRT:
Subject: CN=*
X509v3 Subject Alternative Name:, DNS:*,

The CN is NOT repeated in the SAN in the renewed server certificate (CRT). Hence, the renewed CRT is useless. Browsing to of this example will definitely give an error.
Additional InformationIn my original certificate signing request (CSR) the CN was not repeated in the SAN (see corrected Description).

Meanwhile I made a new CSR where the CN was repeated in the SAN. The first CRT had CN repeated in the SAN resulting in twice DNS:* in the SAN. When the CRT was renewed DNS:* was only once in the SAN as required.
TagsNo tags attached.
Reviewed by
Test Instructions


related to 0001035 closed CN gets deleted from subjectAltName on cert renewal 
related to 0001101 needs workTimoAHummel general rewrite of get info from csr routine in includes/general.php 



2011-10-23 12:26

reporter   ~0002632

My server certificate with s/n 0ACCAA has the same problem. Renewed today.

Issue History

Date Modified Username Field Change
2009-12-10 22:12 oke New Issue
2009-12-15 09:53 oke Description Updated
2009-12-15 09:53 oke Additional Information Updated
2011-10-23 12:26 rastik Note Added: 0002632
2012-01-25 17:17 NEOatNHNG Project => Main CAcert Website
2012-05-01 14:28 mutax Relationship added related to 0001035
2013-01-07 22:00 Werner Dworak Relationship added related to 0001101