Additional SANs in CSR are ignored #98

Closed
rufoa opened this issue Apr 16, 2015 · 2 comments
@rufoa

rufoa commented Apr 16, 2015

When I use the LE client to request a certificate for more than one hostname, only the first one seems to be included in the certificate. All additional hostnames seem to be ignored. However, the CSR which is generated appears to be correct - the problem seems to be occurring at the boulder end.

e.g. I request a cert for "example.org,www.example.org"
The CSR has CN=example.org, SAN={example.org,www.example.org}

Expected cert:
CN=example.org, SAN={example.org,www.example.org}

Actual issued cert:
CN=example.org, SAN={example.org}

I can't see any obvious error in certificate-authority.go - is this a bug upstream in CFSSL perhaps?

@jdkasten
Contributor

Unless you are using the boulder branch of the LE client... the client
isn't communicating with Boulder.

The master branch is still using v00 of the protocol and working with the
node-acme server that doesn't support multiple hostnames.

I am currently cleaning up the boulder branch, adding account
infrastructure to go with the registration, and writing test cases.
Hopefully I can get a pull-request to master by tomorrow.

I did test the boulder branch with multiple hostnames though and it appears
to work.

Sorry about the confusion.
James

@rufoa
Author

rufoa commented Apr 16, 2015

Ah that explains it! Thanks and sorry for the misunderstanding.
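
Added example, not part of the original thread and not code from the LE client or Boulder: a Go check for the mismatch reported in the opening post, listing the DNS SANs a CSR requested that the issued certificate lacks. The helper names `missingSANs`, `constructedPair` and `must` are hypothetical, and the CSR and self-signed stand-in certificate are constructed sample input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// missingSANs (hypothetical helper) lists DNS names requested in the CSR but absent from the cert.
func missingSANs(csr *x509.CertificateRequest, cert *x509.Certificate) []string {
	issued := map[string]bool{}
	for _, n := range cert.DNSNames {
		issued[strings.ToLower(n)] = true // DNS names compare case-insensitively
	}
	var missing []string
	for _, n := range csr.DNSNames {
		if !issued[strings.ToLower(n)] {
			missing = append(missing, n)
		}
	}
	return missing
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // acceptable here: only used to build the constructed sample data
	}
	return v
}

// constructedPair builds sample input: a CSR for csrNames and a self-signed stand-in cert with certNames.
func constructedPair(csrNames, certNames []string) (*x509.CertificateRequest, *x509.Certificate) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	subj := pkix.Name{CommonName: csrNames[0]}
	csrDER := must(x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: subj, DNSNames: csrNames}, key))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: subj, DNSNames: certNames,
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	certDER := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificateRequest(csrDER)), must(x509.ParseCertificate(certDER))
}

func main() {
	fmt.Println("requested but not issued:", missingSANs(constructedPair([]string{"example.org", "www.example.org"}, []string{"example.org"})))
}
```

The check covers DNS names only; IP address or e-mail SANs would need the corresponding fields compared as well.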
