#5645 [WebUI] Dialog "Issue New Certificate" should mention SAN names
Closed: Fixed None Opened 8 years ago by pspacek.

Hello,

current help text is:

1.    Create a certificate database or use an existing one. To create a new database:
    # certutil -N -d <database path>
2.    Create a CSR with subject CN=<common name>,O=<realm>, for example:
    # certutil -R -d <database path> -a -g <key size> -s 'CN=<common name>,O=ABC.IDM.LAB.ENG.BRQ.REDHAT.COM'
3.    Copy and paste the CSR (from -----BEGIN NEW CERTIFICATE REQUEST----- to -----END NEW CERTIFICATE REQUEST-----) into the text area below:

The problem is that use of cn= was deprecated long ago. We should recommend people to add subjectAltName instead.


Triage:

  • or change the instruction completely, e.g, use openssl.
  • one of efforts which should be done in 4.4 is improving handling of/working with certificates. This can be done as part of it. -> 4.4
  • mkosek: ok. About 4.4 and SANs, I am especially interested in adding SANs in default profiles, i.e. #5523 (Fraser's plate)

master:

  • 91ac959 Extend the certificate request dialog

Metadata Update from @pspacek:
- Issue assigned to pvomacka
- Issue set to the milestone: FreeIPA 4.4

7 years ago

Login to comment on this ticket.

Metadata