Unable to use i18n characters set for Email which gets added in the Certificates SAN extension , when the request is generated using PKCS10Client or through EE Page:
Example:
[root@dhcp207-176 certs_db]# PKCS10Client -p redhat123 -d . -a rsa -l 2048 -o test1.b64 -n "UID=kakskümmend üks,E=kakskümmend@example.org,CN=kakskümmend üks,OU=Engineering,O=Example.Inc,C=US" PKCS10Client: Debug: got token. PKCS10Client: Debug: thread token set. PKCS10Client: token Internal Key Storage Token logged in... PKCS10Client: key pair generated. PKCS10Client: Exception caught: java.lang.IllegalArgumentException: Invalid IA5String AVA Value string
EE Page:
Specify Below details:
Submit the request:
Actual Output:
Sorry, your request is not submitted. The reason is "Invalid Subject Name UID=kakskümmend üks,E=kakskümmend@example.org,CN=kakskümmend üks".
Per CS/DS meeting of 03/31/2014 - I was unable to find any existing BZ. Non-ascii e-mail addresses are still very uncommon, so this is a real corner case. It also is not normal to use SAN for anything other than multiple hostnames for server certs - FUTURE.
NOTE: This may be related to PKI TRAC Ticket #860 - user-add --email with i18n characters throws LDAP error
Metadata Update from @mrniranjan: - Issue set to the milestone: UNTRIAGED
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1498
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw: - Issue close_status updated to: migrated - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.