View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000799 | Main CAcert Website | public | 2009-12-10 22:12 | 2013-01-07 22:00 | |
Reporter | oke | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | new | Resolution | open | ||
Summary | 0000799: Repeated CN in SAN in original CSR and produced in 1st received CRT is removed when CRT is renewed | ||||
Description | The original CSR has been following (domain names have been changed into examples): Subject: CN=*.abc.com X509v3 Subject Alternative Name: DNS:abc.com, DNS:*.def.com, DNS:def.com The first CRT received from CAcert: Subject: CN=*.abc.com X509v3 Subject Alternative Name: DNS:*.abc.com, othername:<unsupported>, DNS:abc.com, othername:<unsupported>, DNS:*.def.com, othername:<unsupported>, DNS:def.com, othername:<unsupported> Note that the bogus information in the SAN has already been reported in issue 0000768. After renewal of CRT: Subject: CN=*.abc.com X509v3 Subject Alternative Name: DNS:abc.com, DNS:*.def.com, DNS:def.com The CN is NOT repeated in the SAN in the renewed server certificate (CRT). Hence, the renewed CRT is useless. Browsing to https://www.abc.com of this example will definitely give an error. | ||||
Additional Information | In my original certificate signing request (CSR) the CN was not repeated in the SAN (see corrected Description). Meanwhile I made a new CSR where the CN was repeated in the SAN. The first CRT had CN repeated in the SAN resulting in twice DNS:*.abc.com in the SAN. When the CRT was renewed DNS:*.abc.com was only once in the SAN as required. | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
related to | 0001035 | closed | CN gets deleted from subjectAltName on cert renewal | |
related to | 0001101 | needs work | TimoAHummel | general rewrite of get info from csr routine in includes/general.php |
Date Modified | Username | Field | Change |
---|---|---|---|
2009-12-10 22:12 | oke | New Issue | |
2009-12-15 09:53 | oke | Description Updated | |
2009-12-15 09:53 | oke | Additional Information Updated | |
2011-10-23 12:26 | rastik | Note Added: 0002632 | |
2012-01-25 17:17 | NEOatNHNG | Project | bugs.cacert.org => Main CAcert Website |
2012-05-01 14:28 | mutax | Relationship added | related to 0001035 |
2013-01-07 22:00 | Werner Dworak | Relationship added | related to 0001101 |