Project

General

Profile

Feature #7527

Sign CSRs - subjectAlternateNames

Added by Philip Hofstetter over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Certificates
Target version:
Start date:
05/08/2017
Due date:
% Done:

100%

Estimated time:

Description

with #7383 PFSense got the ability to sign arbitrary CSRs.

With browsers moving to only use `subjectAlternateName` when validating certificates, the new form should probably also contain the option to specify alternate names or, alternatively, read them from the CSR and suggest them by default.

Right now, a pasted CSR gets signed, but there's no way to specify SANs nor are the SANs from the CSR being copied.

Associated revisions

Revision 282b6c66 (diff)
Added by Jim Pingle over 2 years ago

Add the ability to set certificate type and SAN attributes in a CSR. Ticket #7527
TODO: They are not carried over after signing in the GUI

Revision 0c82b8c2 (diff)
Added by Jim Pingle over 2 years ago

Restructure how certificate types and SANs are handled in the cert manager when making a Cert/CSR/Signing, so each section can properly use the controls without duplicating. It is now possible to add SANs and EKUs to certificates when signing using the certificate manager. Fixes #7527 and also Fixes #7677

NOTE: Attributes such as SANs and KU/EKU cannot be copied from a CSR when signing due to a deficiency in OpenSSL's x509 functions (they do not support "copy_extensions" at this time). They must be specified manually.

Revision 2504e3f1 (diff)
Added by Jim Pingle over 2 years ago

Fix CA reference so serial increases properly. Remove variable for feature that didn't work out. Ticket #7527

History

#1 Updated by Jim Pingle over 2 years ago

  • Category set to Certificates
  • Status changed from New to Assigned
  • Assignee set to Jim Pingle
  • Target version set to 2.4.0

#2 Updated by Jim Pingle over 2 years ago

  • Status changed from Assigned to Feedback
  • % Done changed from 0 to 100

#3 Updated by Philip Hofstetter over 2 years ago

wow. Great. I'll try this out first thing tomorrow morning. Thank you very much :-)

#4 Updated by Jim Pingle over 2 years ago

  • Status changed from Feedback to Resolved

Works

Also available in: Atom PDF