[GSS-53] Add a field to enter the subjectAlternativeName in when creating the request certificate. - Gazelle

XML

Word

Printable

Details

Type: Story
Status: Closed
Priority: Medium
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 6.0.0
Component/s: PKI
Labels:
None

Sprint:
2018 - S13, 2018 - S14, 2018 - S15
Account:
Yearly Extensions 2018 (YEARLYEXT2018)

Description

The RFC6125 (https://tools.ietf.org/html/rfc6125) recommends

Move away from including and checking strings that look like
      domain names in the subject's Common Name.

   o Move toward including and checking DNS domain names via the
      subjectAlternativeName extension designed for that purpose:
      dNSName.
   o Move toward including and checking even more specific
      subjectAlternativeName extensions where appropriate for using the
      protocol (e.g., uniformResourceIdentifier and the otherName form
      SRVName).

   o Move away from the issuance of so-called wildcard certificates
      (e.g., a certificate containing an identifier for
      "*.example.com").

So add that field in the request, and suggest people to use the system hostname in there.

Attachments

Activity

People

Assignee:: Youn Cadoret

Reporter:: Eric Poiseau

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 11/Apr/14 9:16 AM

Updated:: 30/Dec/19 5:53 PM

Resolved:: 14/Nov/18 11:36 AM

Time Tracking

Estimated:

2d 4h

Remaining:

Logged:

1w 3d 2h