As kind of an extension of defect http://bugzilla.mozilla.org/show_bug.cgi?id=112940 we need the ability to issue and request certificates with the SubjectAltName extension set. It would be great to be able to do this this using certutil as well.
Assigned to Bob for evaluation.
We'd need the necessary APIs to add SubjectAltName extensions to the certificate request, and to issue certs with that extension, PLUS the ability to use these with certutil. CERT_CreateCertificateRequest seems to have the ability to pass in SECItems as attributes, but I'm not sure if this would be the proper way to pass SubjectAltName extensions. Also, my limited understanding of the code in CERT_CreateCertificate leads me to believe that extensions/attributes are not copied when the certificate is created from the request.
Set target milestone 3.4.1, priority P1.
Changed the QA contact to Bishakha.
Bob, could you evaluate this enhancement request?
This will require some research. I have never really looked at the cert request code, though the cert request API have been mostly replaced by the CRMF/CMMF code. It may be the we want to reprioritize this as a CMMF function. bob
Set priority P1.
Moved to 3.6.
Moved to Future for now. Will consider this for NSS 3.7.
Moved to target milestone 3.8 because the original NSS 3.7 release has been renamed 3.8.
Created attachment 111102 [details] [diff] [review] Add support to build single certs with multiple DNS names
Fix checked in. NOTE: it does not generate cert requests with the multiple DN, but it can take a cert request and build a cert with the multiple DN's int the cert.