Comments (2)
GBBx
commented on September 26, 2024
1
Hi @dopey , thanks a lot for fixing this.
I cannot give you an advice but I think I would align it with publicly trusted certificate providers. I believe if I bought a certificate from them, they would only add the CN as SAN if there's no other SAN entry.
from cli.
dopey
commented on September 26, 2024
Hey @GBBx 👋. Thanks for opening the issue! And apologies for the radio silence.
I have a pretty simple fix for this (I'll post the PR shortly), but I'm curious what the expected behavior would be if the CSR did have SANs but the commonName wasn't in the SANs? Should it still be automatically added as a SAN, or does that only apply if the SANs are empty?
from cli.
Related Issues (20)
- [Bug]: `step certificate inspect` no longer supports reading cert from piped out put HOT 3
- Support installing a root cert via URL with step certificate install HOT 1
- Allow certificate lifetimes to be given in d,mo,y as well as hours.
- Allow `step certificate p12` to specify a friendly name/alias HOT 2
- Support parsing of the ssh config file on Windows so step-ssh can use multiple ssh agents
- allow the creation of an "inline" certificate.
- [Bug]: Rekeying a JWK provisioner fails HOT 2
- [Bug]: `--profile`/`--context` has no effect on `step ssh config --host --roots`
- JWT signing with ed25519 key fails when using ssh-agent HOT 1
- `make`-ing requires bootstrapping, which globally installs various Go tools
- [Bug]: `make install` fails on macOS due to missing `install -D` flag
- [Bug]: `make install` should install to /usr/local/bin, /usr/bin
- [Bug]: errror message when using http urls for OIDC providers is missleading HOT 5
- Support non-tls providers for the oauth command `http://` HOT 1
- Support for `--admin-kms` in `step ca provisioner` subcommands
- [Bug]: Using --force doesn't force overwrite output file of step crypto key format
- Ability to add custom headers for Cloudflare Zero Trust HOT 2
- [Bug]: Poor Feedback for Template Typos
- [Bug]: Param Validity Checks in Wrong Order
- [Bug]: `step ca init` with `--pki` ignores `--context` flag
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cli.