Project

General

Profile

Bug #338

Support of multiple Common Names in Certification Authority ACF

Added by iilluzion _ about 9 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
ACF
Target version:
Start date:
03/26/2010
Due date:
% Done:

0%

Estimated time:
Affected versions:
Security IDs:

Description

After adding support of multiple common names to /etc/ssl/openssl-ca-acf.cnf using https://<server_name>/acf/cgi-bin/acf/openssl/openssl/editconfigfile as follows:

...
[ req_distinguished_name ]
...
#commonName = Common Name (eg, the certificate CN)
#commonName_max = 64
#commonName_default=

0.commonName = Common Name (eg, the certificate CN)
0.commonName_max = 64
0.commonName_default=

1.commonName = Common Name (eg, the certificate CN)
1.commonName_max = 64
1.commonName_default=

2.commonName = Common Name (eg, the certificate CN)
2.commonName_max = 64
2.commonName_default=
...

After requesting a certificate an application return the following error:

/usr/share/acf/app//openssl/openssl-model.lua:362: attempt to index field 'commonName' (a nil value) stack traceback: /usr/share/acf/app//openssl/openssl-model.lua:362: in function </usr/share/acf/app//openssl/openssl-model.lua:358> (tail call): ? /usr/share/acf/lib//controllerfunctions.lua:69: in function </usr/share/acf/lib//controllerfunctions.lua:63> (tail call): ? /usr/share/acf/app/./acf_www-controller.lua:468: in function </usr/share/acf/app/./acf_www-controller.lua:387> [C]: in function 'xpcall' /usr/share/acf/app/./acf_www-controller.lua:387: in function 'dispatch' [string "/var/www/domains//blr.wtbts.net/www/acf/cgi..."]:18: in main chunk

History

#1 Updated by Natanael Copa about 9 years ago

  • Category set to ACF
  • Assignee set to Ted Trask
  • Target version set to Alpine 2.0.0

#2 Updated by Natanael Copa almost 9 years ago

  • Target version changed from Alpine 2.0.0 to Alpine 2.1.0

#3 Updated by Natanael Copa over 8 years ago

  • Target version changed from Alpine 2.1.0 to Alpine 2.2.0

#4 Updated by Ted Trask about 8 years ago

This new feature would require quite a bit of rewriting because certs are currently identified by common name. Not sure if / when this will be done.

#5 Updated by Natanael Copa about 8 years ago

  • Target version changed from Alpine 2.2.0 to Alpine 2.3.0

#6 Updated by Ted Trask over 7 years ago

  • Target version changed from Alpine 2.3.0 to Alpine 2.4.0

#7 Updated by Natanael Copa about 7 years ago

  • Target version changed from Alpine 2.4.0 to Alpine 2.5.0

#8 Updated by Natanael Copa over 6 years ago

  • Target version changed from Alpine 2.5.0 to Alpine 2.6.0

#9 Updated by Peter Kotcauer about 6 years ago

Hi!

commonName is a unique identifier, for multiple hostnames the subjectAltName attribute with DNS: prefix can be used. Further information is available at http://wiki.cacert.org/FAQ/subjectAltName or http://en.wikipedia.org/wiki/SubjectAltName .

Regards,
k

#10 Updated by Ted Trask about 6 years ago

  • Status changed from New to Closed

I guess I should have looked at this 3 years ago. :(
Rejected because you cannot have multiple commonName entries in the cnf file.

#11 Updated by Peter Kotcauer about 6 years ago

But you can have multiple subjectAltNAme entries.

Also available in: Atom PDF