jcholast had a good point about this RFE:
I see a problem with this approach: CN is limited to 64 octets, if the host name
is longer, copying CN to SAN won't help us at all and can even be just plain
wrong if it has truncated host name. This can happen in cloud environments with
automatically generated host names, like in this IPA ticket:
Pursuant to RFC 2818 we not only need to support copying the CN to SAN dnsName
for host/service cert profiles (#4970), but we need to support requests without CN,
as long as there is at least one dnsName in the SAN request extension.
This may require changes to:
4.4.0 was released, moving open tickets to 4.4.1
This ticket goes along with #4970 - bumping to 4.5 backlog
Metadata Update from @ftweedal:
- Issue assigned to ftweedal
- Issue set to the milestone: FreeIPA 4.5 backlog
to comment on this ticket.