Closed
Bug 1017136
Opened 10 years ago
Closed 8 years ago
IGC/A: no subject alternative name
Categories
(CA Program :: CA Certificate Root Program, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: kurt, Assigned: igca)
References
Details
(Whiteboard: BR Compliance)
I'm seeing certificates without the subject alternative name extension from the following path: E = igca@sgdn.pm.gouv.fr, CN = IGC/A, OU = DCSSI, O = PM/SGDN, L = Paris, ST = France, C = FR CN = AC Education Nationale, OU = 110 043 015, O = Ministere Education Nationale (MENESR), C = FR, E = igc@orion.education.fr CN = AC Enseignement Scolaire, OU = 110 043 015, O = Ministere Education Nationale (MENESR), C = FR, E = igc@orion.education.fr CN = AC Infrastructures, OU = 110 043 015, O = Ministere education nationale (MENESR), C = FR
Comment 1•10 years ago
|
||
Loïc, Please investigate this bug, and respond in the bug. As per sections 9.2.1 and 9.2.2 of the Baseline Requirements, for SSL certs the domain name or IP address must be in the certificate's subjectAltName extension. https://cabforum.org/baseline-requirements-documents/
Updated•10 years ago
|
Assignee: kwilson → igca
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: BR Compliance
Updated•10 years ago
|
Blocks: BR-Compliance
Comment 2•10 years ago
|
||
Loic: have you or your team been investigating this issue? Gerv
Comment 3•8 years ago
|
||
(In reply to Kathleen Wilson from comment #1) > Loïc, Please investigate this bug, and respond in the bug. As per sections > 9.2.1 and 9.2.2 of the Baseline Requirements, for SSL certs the domain name > or IP address must be in the certificate's subjectAltName extension. > https://cabforum.org/baseline-requirements-documents/ In Bug #1245280 we disabled CN fallback for all certificates with a notBefore date later than 23 August 2016. This shipped in Firefox 48, which is the current release. As a result, all newly-issued certificates that do not have a subject alternative name extension with the appropriate DNS name entries will not validate successfully in Firefox.
Comment 4•8 years ago
|
||
PM/SGDN root removed via Bug #1272156.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Updated•7 years ago
|
Product: mozilla.org → NSS
Updated•2 years ago
|
Product: NSS → CA Program
You need to log in
before you can comment on or make changes to this bug.
Description
•