Bug #11652
closed
Unable to renew a certificate without a SAN
Added by Jim Pingle over 3 years ago.
Updated over 3 years ago.
Description
If a certificate entry has a CN which contains a space, attempting to renew the certificate will result in an error:
- Create an internal CA
- Create an internal certificate with a CN of "space test"
- Click the renew icon for the "space test" certificate
- Click Renew/Reissue
The page displays the following error:
The following input errors were detected:
Error renewing Certificate
- Subject changed from "Unable to renew a certificate containing a space in the CN" to "Unable to renew a certificate containing special characters in the CN"
This isn't exclusive to space; it also affects other characters which must be escaped for x509, such as "+".
- Subject changed from "Unable to renew a certificate containing special characters in the CN" to "Unable to renew a certificate without a SAN"
Narrowed it down further. The real problem is that a certificate without a SAN cannot be renewed.
Certificates with a CN that contains special characters and that do not have a manually-entered SAN list result in a certificate without a SAN. This is because those types of CN values cannot be mapped to a valid SAN type. The certificate renewal code was assuming any non-CA certificate entry had at least one SAN.
Fix coming shortly.
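The failure mode described above, as an added example that is not part of the original issue and is not pfSense code: a CN that maps to no SAN type leaves the SAN list empty, and renewal logic that always emits a subjectAltName then fails. All function names are hypothetical, and the hostname and e-mail checks are simplified assumptions.

```python
import ipaddress
import re

# Added illustration; hypothetical helper names, not pfSense code.
LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(r"^(\*\.)?" + LABEL + r"(\." + LABEL + r")*$")
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+$")


def cn_to_san(cn):
    """Map a CN to an OpenSSL-style SAN entry, or None when no SAN type fits."""
    try:
        return "IP:" + str(ipaddress.ip_address(cn))
    except ValueError:
        pass
    if HOSTNAME.match(cn):
        return "DNS:" + cn
    if EMAIL.match(cn):
        return "email:" + cn
    return None  # e.g. "space test" or "a+b"


def san_extension(sans):
    """RFC 5280 requires a subjectAltName that is present to hold at least one entry."""
    if not sans:
        raise ValueError("subjectAltName must not be empty")
    return ",".join(sans)


def effective_sans(cn, stored_sans):
    """Stored SAN list if there is one, otherwise whatever the CN maps to."""
    if stored_sans:
        return list(stored_sans)
    derived = cn_to_san(cn)
    return [derived] if derived else []


def renew_extensions_unguarded(cn, stored_sans):
    """Assumes every non-CA certificate has a SAN; fails when it has none."""
    return {"basicConstraints": "CA:FALSE",
            "subjectAltName": san_extension(effective_sans(cn, stored_sans))}


def renew_extensions(cn, stored_sans):
    """Guarded: leave subjectAltName out when there is nothing to put in it."""
    exts = {"basicConstraints": "CA:FALSE"}
    sans = effective_sans(cn, stored_sans)
    if sans:
        exts["subjectAltName"] = san_extension(sans)
    return exts
```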
- Status changed from New to Feedback
- % Done changed from 0 to 100
- Status changed from Feedback to Waiting on Merge
- Target version changed from CE-Next to 2.5.1
- Status changed from Waiting on Merge to Feedback
Cherry-picked to RELENG_2_5_1
- Status changed from Feedback to Resolved
Works as expected on 2.5.1.r.20210330.1803.