Project

General

Profile

Bug #72571

Do not set SAN in the subject of CSRs and certificates in the legacy UI

Added by John Featherly almost 3 years ago. Updated over 2 years ago.

Status:
Done
Priority:
No priority
Assignee:
Waqar Ahmed
Category:
Middleware
Target version:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

The resulting certificate from the CSR has a line "Subject Alternate Name = DNS: abc.example.com" just before CN= in the "Subject" field of the certificate detail.


Related issues

Copied to FreeNAS - Bug #76396: Do not set SAN in the subject of CSRs and certificates in the new UIDone

Associated revisions

Revision 4f82a2aa (diff)
Added by Waqar Ahmed almost 3 years ago

Remove SAN from subject This commit makes sure that we don't set SAN in the subject of CSR's/certs. Ticket: #72571

Revision 5b9945e0 (diff)
Added by Waqar Ahmed almost 3 years ago

Remove SAN from subject This commit makes sure that we don't set SAN in the subject of CSR's/certs. Ticket: #72571

Revision 2a1cd629 (diff)
Added by Waqar Ahmed almost 3 years ago

Remove SAN from subject This commit makes sure that we don't set SAN in the subject of CSR's/certs. Ticket: #72571

History

#1 Updated by John Featherly almost 3 years ago

  • File debug-bitNAS3-20190129094122.txz added
  • Private changed from No to Yes

#2 Updated by Dru Lavigne almost 3 years ago

  • Category changed from GUI (new) to Middleware
  • Assignee changed from Release Council to Vladimir Vinogradenko

#4 Updated by William Grzybowski almost 3 years ago

  • Assignee changed from Vladimir Vinogradenko to Waqar Ahmed
  • Target version changed from Backlog to 11.2-U3

Waqar, can you investigate, please?

#5 Updated by Waqar Ahmed almost 3 years ago

  • Status changed from Unscreened to In Progress

#6 Updated by Waqar Ahmed almost 3 years ago

55002

Hello John, there is an issue with new UI when a csr is created from it. All SAN entries are not treated as they should be. You however seem to be not reflecting that issue in your description. Are you by any chance referring to this subject entry having SAN entry before CN ?
It would be very helpful if you please elaborated the issue you are referring to. I have attached a screenshot for a certificate which I made from the new UI.

#7 Updated by John Featherly almost 3 years ago

Hi Wagar,
Yes, that sounds like the same problem, the SAN appears in the Subject of the resulting certificate. I didn't realize there was already a known problem with the CSR generation.

#8 Updated by Waqar Ahmed almost 3 years ago

  • Status changed from Blocked to In Progress
  • Reason for Blocked deleted (Need additional information from Author)

Hello John,
Yes this issue has been fixed in the latest nightlies for 11.3, just not backported to 11.2. SAN is being correctly generated when created from legacy UI but the issue is that it does not belong to the subject part and it is also being added to the subject ( though i am not sure if any CA has objection to that ). Still I'll have this fixed for the next 11.2 version as well. Apart from that we will also take care of generating correct SAN when csr/certificates are made from the new UI. Thank you for pointing this out!

#9 Updated by Bug Clerk almost 3 years ago

  • Status changed from In Progress to Ready for Testing

#11 Updated by Dru Lavigne almost 3 years ago

  • File deleted (debug-bitNAS3-20190129094122.txz)

#12 Updated by Dru Lavigne almost 3 years ago

  • Subject changed from GUI produces incorrect CSR to Do not set SAN in the subject of CSRs and certificates
  • Private changed from Yes to No
  • Needs Doc changed from Yes to No
  • Needs Merging changed from Yes to No

#13 Updated by Waqar Ahmed almost 3 years ago

  • Copied to Bug #76396: Do not set SAN in the subject of CSRs and certificates in the new UI added

#14 Updated by Dru Lavigne almost 3 years ago

  • Subject changed from Do not set SAN in the subject of CSRs and certificates to Do not set SAN in the subject of CSRs and certificates in the legacy UI

#19 Updated by Jeff Ervin over 2 years ago

60708

Test Passed FreeNAS-11.2-U2-INTERNAL98

#20 Updated by Dru Lavigne over 2 years ago

  • Status changed from Passed Testing to Done

Also available in: Atom PDF