https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162021-03-10T10:51:11ZpfSense bugtrackerpfSense - Bug #11652: Unable to renew a certificate without a SANhttps://redmine.pfsense.org/issues/11652?journal_id=521492021-03-10T10:51:11ZJim Pingle
<ul><li><strong>Subject</strong> changed from <i>Unable to renew a certificate containing a space in the CN</i> to <i>Unable to renew a certificate containing special characters in the CN</i></li></ul><p>This isn't exclusive to space, it also affects other characters which must be escaped for x509 such as "+".</p> pfSense - Bug #11652: Unable to renew a certificate without a SANhttps://redmine.pfsense.org/issues/11652?journal_id=521502021-03-10T11:00:42ZJim Pingle
<ul><li><strong>Subject</strong> changed from <i>Unable to renew a certificate containing special characters in the CN</i> to <i>Unable to renew a certificate without a SAN</i></li></ul><p>Narrowed it down further. The real problem is that a certificate without a SAN cannot be renewed.</p>
<p>Certificates with a CN that contains special characters and that do not have a manually-entered SAN list result in a certificate without a SAN. This is because those types of CN values cannot be mapped to a valid SAN type. The certificate renewal code was assuming any non-CA certificate entry had at least one SAN.</p>
<p>Fix coming shortly.</p> pfSense - Bug #11652: Unable to renew a certificate without a SANhttps://redmine.pfsense.org/issues/11652?journal_id=521522021-03-10T11:15:07ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="Fix handling of renewing cert w/o SAN. Fixes #11652" href="https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/09d3fe621a56292817a85a54916e8b99e2b26c00">09d3fe621a56292817a85a54916e8b99e2b26c00</a>.</p> pfSense - Bug #11652: Unable to renew a certificate without a SANhttps://redmine.pfsense.org/issues/11652?journal_id=521542021-03-10T11:18:05ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Waiting on Merge</i></li><li><strong>Target version</strong> changed from <i>CE-Next</i> to <i>2.5.1</i></li></ul><p>Small fix and very likely to be hit in the wild (See <a class="external" href="https://forum.netgate.com/post/971557">https://forum.netgate.com/post/971557</a> for one example), so good to have sooner rather than later.</p> pfSense - Bug #11652: Unable to renew a certificate without a SANhttps://redmine.pfsense.org/issues/11652?journal_id=521832021-03-10T12:57:50ZRenato Botelhorenato@netgate.com
<ul><li><strong>Status</strong> changed from <i>Waiting on Merge</i> to <i>Feedback</i></li></ul><p>Cherry-picked to RELENG_2_5_1</p> pfSense - Bug #11652: Unable to renew a certificate without a SANhttps://redmine.pfsense.org/issues/11652?journal_id=527942021-03-31T08:42:12ZViktor Gurov
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul><p>works as expected on 2.5.1.r.20210330.1803</p>