The default bug view has changed. See this FAQ.

Need ability to request/issue certs with SubjectAltName extension

RESOLVED FIXED in 3.8

Status

NSS
Libraries
P1
enhancement
RESOLVED FIXED
15 years ago
14 years ago

People

(Reporter: Rob Crittenden, Assigned: Robert Relyea)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [cert])

Attachments

(1 attachment)

(Reporter)

Description

15 years ago
As kind of an extension of defect
http://bugzilla.mozilla.org/show_bug.cgi?id=112940 we need the ability to issue
and request certificates with the SubjectAltName extension set.

It would be great to be able to do this this using certutil as well.

Comment 1

15 years ago
Assigned to Bob for evaluation.
Assignee: wtc → relyea
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 2

15 years ago
We'd need the necessary APIs to add SubjectAltName extensions to the certificate 
request, and to issue certs with that extension, PLUS the ability to use these 
with certutil.
CERT_CreateCertificateRequest seems to have the ability to pass in SECItems as 
attributes, but I'm not sure if this would be the proper way to pass 
SubjectAltName extensions.
Also, my limited understanding of the code in CERT_CreateCertificate leads me to 
believe that extensions/attributes are not copied when the certificate is 
created from the request.

Comment 3

15 years ago
Set target milestone 3.4.1, priority P1.
Priority: -- → P1
Target Milestone: --- → 3.4.1

Comment 4

15 years ago
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee

Comment 5

15 years ago
Bob, could you evaluate this enhancement request?
Priority: P1 → --
Target Milestone: 3.4.1 → 3.5
(Assignee)

Comment 6

15 years ago
This will require some research. I have never really looked at the cert request
code, though the cert request API have been mostly replaced by the CRMF/CMMF
code. It may be the we want to reprioritize this as a CMMF function.

bob

Comment 7

15 years ago
Set priority P1.
Priority: -- → P1

Comment 8

15 years ago
Moved to 3.6.
Whiteboard: [cert]
Target Milestone: 3.5 → 3.6

Comment 9

15 years ago
Moved to Future for now.  Will consider this
for NSS 3.7.
Target Milestone: 3.6 → Future

Updated

15 years ago
Target Milestone: Future → 3.7

Comment 10

15 years ago
Moved to target milestone 3.8 because the original
NSS 3.7 release has been renamed 3.8.
Target Milestone: 3.7 → 3.8
(Assignee)

Comment 11

14 years ago
Created attachment 111102 [details] [diff] [review]
Add support to build single certs with multiple DNS names
(Assignee)

Comment 12

14 years ago
Fix checked in.
NOTE: it does not generate cert requests with the multiple DN, but it can take a
cert request and build a cert with the multiple DN's int the cert.
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.