Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
CSR API doesn't allow "NEW CERTIFICATE REQUEST" PEM blocks #68677
Is this a BUG REPORT or FEATURE REQUEST?:
when submitting the below CSR to k8s for signing (generated by the Java keytool) :
k8s rejects the request with the error message:
What you expected to happen:
This is a valid PEM encoded CSR, so the request should be submitted. @liggitt noticed that the keytool generated CSR has the word
How to reproduce it (as minimally and precisely as possible):
Submit the following CSR:
Anything else we need to know?:
@mlbiam: There are no sig labels on this issue. Please add a sig label by either:
Note: Method 1 will trigger an email to the group. See the group list.
That header isn't actually required by the standard for this (c.f.
if "NEW CERTIFICATE REQUEST" is a known alternate representation (openssl indicates it is the old PEM header for CSRs), I don't mind allowing it.