Project

General

Profile

Bug #32577

Generate specified Subject Alternate Names in Certificate Signing Request

Added by Jeremy Jameson about 1 year ago. Updated 10 months ago.

Status:
Done
Priority:
No priority
Assignee:
Waqar Ahmed
Category:
Middleware
Target version:
Seen in:
Severity:
Low Medium
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

When creating a CSR, the help icon for the Subject Alternate Names field specifies to use space separated domains. However, when more than one name is specified, the generated CSR does not contain the expected DNS names. For example, when I specify "tt-nas02 tt-nas02.corp.technologytoolbox.com" in the Subject Alternate Names field (without the quotes), the CSR contains the following:

Requested Extensions:
X509v3 Subject Alternative Name:
DNS:tt-nas02 tt-nas02.corp.technologytoolbox.com

I think the CSR should contain the following:

Requested Extensions:
X509v3 Subject Alternative Name:
DNS:tt-nas02, DNS=tt-nas02.corp.technologytoolbox.com

I also tried separating the SANs onto multiple lines, but that didn't work either.


Related issues

Related to FreeNAS - Feature #31953: Convert System:CA to MiddlewaredDone

Associated revisions

Revision fc3a5d33 (diff)
Added by Waqar Ahmed 12 months ago

Changes for SAN implemented - ticket: #32577

Revision c2a18d80 (diff)
Added by Waqar Ahmed 12 months ago

Changes for SAN implemented - ticket: #32577

Revision 0cf1c7ea (diff)
Added by Waqar Ahmed 12 months ago

Changes for SAN implemented - ticket: #32577

History

#1 Updated by Jeremy Jameson about 1 year ago

Sorry, the expected value in the CSR should be:

Requested Extensions:
X509v3 Subject Alternative Name:
DNS:tt-nas02, DNS:tt-nas02.corp.technologytoolbox.com

(colon delimiter -- not '=')

#2 Updated by Dru Lavigne about 1 year ago

  • Reason for Blocked set to Need additional information from Author

Jeremy: to clarify, is this in the old UI or the new UI or both?

#3 Updated by Jeremy Jameson about 1 year ago

This is the default UI -- which I believe you refer to as the "old" UI. I have not tried this in the "new" UI (which I am assuming to mean Corral).

#4 Updated by Dru Lavigne about 1 year ago

  • Category changed from GUI (new) to Middleware
  • Assignee changed from Release Council to William Grzybowski
  • Target version set to 11.2-RC2

#5 Updated by William Grzybowski 12 months ago

  • Assignee changed from William Grzybowski to Waqar Ahmed

Could you take a look when you get a chance, please?

#6 Updated by William Grzybowski 12 months ago

  • Reason for Blocked deleted (Need additional information from Author)

#7 Updated by Waqar Ahmed 12 months ago

  • Status changed from Unscreened to In Progress

#8 Updated by Waqar Ahmed 12 months ago

  • % Done changed from 0 to 90

Will be completed with ticket-31953

#9 Updated by Waqar Ahmed 12 months ago

  • Status changed from In Progress to Ready for Testing
  • Severity set to New

#10 Updated by Dru Lavigne 12 months ago

#11 Updated by Dru Lavigne 12 months ago

  • Subject changed from Incorrect Subject Alternate Names in Certificate Signing Request to Generate specified Subject Alternate Names in Certificate Signing Request
  • Target version changed from 11.2-RC2 to 11.2-BETA1
  • Needs QA changed from No to Yes
  • Needs Doc changed from Yes to No
  • Needs Merging changed from Yes to No

#12 Avatar?id=55038&size=24x24 Updated by Zackary Welch 10 months ago

  • Status changed from Ready for Testing to Done
  • Severity changed from New to Low Medium
  • Needs QA changed from Yes to No

Confirmed fixed in the latest build.

Also available in: Atom PDF