Actions
Bug #10362
closed
Error renewing cert if SAN contains IP Address
Start date:
03/20/2020
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.5.0
Affected Architecture:
Description
example SAN: DNS:tkWAN2, IP Address:10.123.123.4
If I try to renew it, I get the message 'Error renewing Certificate' and:
PHP Errors: PHP Warning: in_array() expects parameter 2 to be array, null given in /etc/inc/certs.inc on line 1658 PHP Warning: openssl_csr_new(): Error loading extensions_section section server_san of /etc/ssl/openssl.cnf in /etc/inc/certs.inc on line 1682 PHP Warning: openssl_csr_new(): Error loading extensions_section section server_san of /etc/ssl/openssl.cnf in /etc/inc/certs.inc on line 1682
pfSense 2.5.0.a.20200319.0930
Updated by Viktor Gurov almost 5 years ago
https://www.openssl.org/docs/manmaster/man5/x509v3_config.html#Subject-Alternative-Name:
The subject alternative name extension allows various literal values to be included in the configuration file. These include email (an email address) URI a uniform resource indicator, DNS (a DNS domain name), RID (a registered ID: OBJECT IDENTIFIER), IP (an IP address), dirName (a distinguished name) and otherName
Correct SAN is IP, not IP Address
Updated by Jim Pingle almost 5 years ago
- Status changed from New to Pull Request Review
Updated by Renato Botelho almost 5 years ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Renato Botelho
- % Done changed from 0 to 100
PR has been merged. Thanks!
Updated by Viktor Gurov almost 5 years ago
- Status changed from Feedback to Resolved
renewing is OK on 2.5.0.a.20200321.2101
Actions