Bug #11652
closedUnable to renew a certificate without a SAN
100%
Description
If a certificate entry has a CN which contains a space, attempting to renew the certificate will result in an error:
- Create an internal CA
- Create an internal certificate with a CN of "space test"
- Click the renew icon for the "space test" certificate
- Click Renew/Reissue
The page displays the following error:
The following input errors were detected:
Error renewing Certificate
Updated by Jim Pingle almost 4 years ago
- Subject changed from Unable to renew a certificate containing a space in the CN to Unable to renew a certificate containing special characters in the CN
This isn't exclusive to space, it also affects other characters which must be escaped for x509 such as "+".
Updated by Jim Pingle almost 4 years ago
- Subject changed from Unable to renew a certificate containing special characters in the CN to Unable to renew a certificate without a SAN
Narrowed it down further. The real problem is that a certificate without a SAN cannot be renewed.
Certificates with a CN that contains special characters and that do not have a manually-entered SAN list result in a certificate without a SAN. This is because those types of CN values cannot be mapped to a valid SAN type. The certificate renewal code was assuming any non-CA certificate entry had at least one SAN.
Fix coming shortly.
Updated by Jim Pingle almost 4 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 09d3fe621a56292817a85a54916e8b99e2b26c00.
Updated by Jim Pingle almost 4 years ago
- Status changed from Feedback to Waiting on Merge
- Target version changed from CE-Next to 2.5.1
Small fix and very likely to be hit in the wild (See https://forum.netgate.com/post/971557 for one example), so good to have sooner rather than later.
Updated by Renato Botelho almost 4 years ago
- Status changed from Waiting on Merge to Feedback
Cherry-picked to RELENG_2_5_1
Updated by Viktor Gurov over 3 years ago
- Status changed from Feedback to Resolved
works as expected on 2.5.1.r.20210330.1803