Do not set SAN in the subject of CSRs and certificates in the legacy UI
The resulting certificate from the CSR has a line "Subject Alternate Name = DNS: abc.example.com" just before CN= in the "Subject" field of the certificate detail.
#6 Updated by Waqar Ahmed almost 3 years ago
- File Screenshot 2019-02-19 at 4.52.21 PM.png Screenshot 2019-02-19 at 4.52.21 PM.png added
- Status changed from In Progress to Blocked
- Reason for Blocked set to Need additional information from Author
Hello John, there is an issue with new UI when a csr is created from it. All SAN entries are not treated as they should be. You however seem to be not reflecting that issue in your description. Are you by any chance referring to this subject entry having SAN entry before CN ?
It would be very helpful if you please elaborated the issue you are referring to. I have attached a screenshot for a certificate which I made from the new UI.
#8 Updated by Waqar Ahmed almost 3 years ago
- Status changed from Blocked to In Progress
- Reason for Blocked deleted (
Need additional information from Author)
Yes this issue has been fixed in the latest nightlies for 11.3, just not backported to 11.2. SAN is being correctly generated when created from legacy UI but the issue is that it does not belong to the subject part and it is also being added to the subject ( though i am not sure if any CA has objection to that ). Still I'll have this fixed for the next 11.2 version as well. Apart from that we will also take care of generating correct SAN when csr/certificates are made from the new UI. Thank you for pointing this out!