Project

General

Profile

Actions

Todo #16657

open

Improve handling of certificates without subjects

Added by Jim Pingle 24 days ago. Updated 19 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
Category:
Certificates
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
26.03
Release Notes:
Default

Description

Certificates may omit a subject so long as they have SAN entries, but the certificate manager currently prints "Unknown" in the Distinguished Name column for certificates with an empty subject.

Let's Encrypt is dropping the Common Name field from their certificates in the near future, and since that was the only subject component they included, the resulting certificates now lack a subject. As such, these types of certificates will be much more common soon. They can even be generated now by using ACME certificate profiles.

Rather than printing "Unknown" in these cases, the GUI could print "SAN Only" and/or print at least one entry from the SAN list. It could even give a count for the >1 case, such as "SAN Only (x entries)". For certificates with only one SAN entry, printing that seems ideal, but certificates with multiple SANs it becomes less clear which to print.

Actions #1

Updated by Jim Pingle 24 days ago

  • Description updated (diff)
Actions #2

Updated by Jim Pingle 19 days ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #3

Updated by Jim Pingle 19 days ago

For certificates with one SAN, it prints "SAN=<SAN spec>". For certificates with multiple it prints a count afterward, e.g. "SAN=DNS:san.example.com and 5 more SANs".

N.B.: This is only for the cosmetic display on the CA and Cert list pages and when editing a cert. There are some uses of subject where the values are compared where this doesn't quite make sense to use, but those are deeper issues in the Certificate Manager design and out of scope for this. I left enough flexibility in this function that it could help there in the future, perhaps.

Actions

Also available in: Atom PDF