Project

General

Profile

Bug #76396

Do not set SAN in the subject of CSRs and certificates in the new UI

Added by Waqar Ahmed almost 3 years ago. Updated over 2 years ago.

Status:
Done
Priority:
No priority
Assignee:
-
Category:
GUI (new)
Target version:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

The resulting certificate from the CSR has a line "Subject Alternate Name = DNS: abc.example.com" just before CN= in the "Subject" field of the certificate detail.

Certificates created with new UI do not split the SAN value on whitespace and send it to middleware API as a single SAN value whereas it holds multiple SAN values. This should be corrected.


Related issues

Copied from FreeNAS - Bug #72571: Do not set SAN in the subject of CSRs and certificates in the legacy UIDone

Associated revisions

Revision 82feba67 (diff)
Added by Erin Clark almost 3 years ago

Split on all space types for SAN in certificates and CAs Ticket: #76396

Revision 7e9a742b (diff)
Added by Erin Clark almost 3 years ago

Split on all space types for SAN in certificates and CAs Ticket: #76396 (cherry picked from commit 82feba6705811962a0bc0d749ddbbf2b277dc10b)

History

#1 Updated by Waqar Ahmed almost 3 years ago

  • Copied from Bug #72571: Do not set SAN in the subject of CSRs and certificates in the legacy UI added

#2 Updated by Anonymous almost 3 years ago

  • Assignee changed from Anonymous to Lola Yang

#3 Updated by Anonymous almost 3 years ago

  • Assignee changed from Lola Yang to Waqar Ahmed

#4 Updated by Anonymous almost 3 years ago Private

From what I can tell the new UI is already splitting on spaces

    if (data.san == undefined || data.san == '') {
      data.san = [];
    } else {
      data.san = _.split(data.san, ' ');
    }

Is there anything else that needs to be done here?

We tried creating a csr with a san as is and the data looks like this:

/C=US/ST=CA/L=San Jose/O=fooo/CN=blah/emailAddress=fooo@foo.com/subjectAltName=DNS:blah.com, DNS:foo.com

From what I can tell the new UI should just be doing the right thing with these new middleware fixes.

What are your thoughts, Waqar?

#5 Updated by Waqar Ahmed almost 3 years ago

  • Assignee changed from Waqar Ahmed to Anonymous

#7 Updated by Anonymous almost 3 years ago

  • Status changed from Unscreened to In Progress
  • Needs Merging changed from No to Yes

Master PR: https://github.com/freenas/webui/pull/1985
Stable PR: https://github.com/freenas/webui/pull/1984

Testing criteria: CAs and Certificate SAN field should now properly split on any kind of whitespace

#8 Updated by Anonymous almost 3 years ago

  • Status changed from In Progress to Ready for Testing
  • Needs Merging changed from Yes to No

#9 Updated by Dru Lavigne almost 3 years ago

  • Subject changed from Do not set SAN in the subject of CSRs and certificates to Do not set SAN in the subject of CSRs and certificates in the new UI

#12 Avatar?id=55038&size=24x24 Updated by Zackary Welch over 2 years ago

  • Status changed from Ready for Testing to Passed Testing
  • Needs QA changed from Yes to No

Confirmed fixed in 11.2-U3.

#13 Updated by Dru Lavigne over 2 years ago

  • Status changed from Passed Testing to Done

Also available in: Atom PDF