Last Comment Bug 122863 - Need ability to request/issue certs with SubjectAltName extension
: Need ability to request/issue certs with SubjectAltName extension
Status: RESOLVED FIXED
[cert]
:
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: 3.3.1
: All All
: P1 enhancement (vote)
: 3.8
Assigned To: Robert Relyea
: Bishakha Banerjee
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2002-01-31 15:02 PST by Rob Crittenden
Modified: 2003-01-09 15:03 PST (History)
7 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
Add support to build single certs with multiple DNS names (6.14 KB, patch)
2003-01-09 15:02 PST, Robert Relyea
no flags Details | Diff | Splinter Review

Description Rob Crittenden 2002-01-31 15:02:30 PST
As kind of an extension of defect
http://bugzilla.mozilla.org/show_bug.cgi?id=112940 we need the ability to issue
and request certificates with the SubjectAltName extension set.

It would be great to be able to do this this using certutil as well.
Comment 1 Wan-Teh Chang 2002-01-31 19:03:35 PST
Assigned to Bob for evaluation.
Comment 2 Christian Kaiser 2002-02-01 10:01:58 PST
We'd need the necessary APIs to add SubjectAltName extensions to the certificate 
request, and to issue certs with that extension, PLUS the ability to use these 
with certutil.
CERT_CreateCertificateRequest seems to have the ability to pass in SECItems as 
attributes, but I'm not sure if this would be the proper way to pass 
SubjectAltName extensions.
Also, my limited understanding of the code in CERT_CreateCertificate leads me to 
believe that extensions/attributes are not copied when the certificate is 
created from the request.
Comment 3 Wan-Teh Chang 2002-02-13 15:42:03 PST
Set target milestone 3.4.1, priority P1.
Comment 4 Wan-Teh Chang 2002-04-25 16:27:38 PDT
Changed the QA contact to Bishakha.
Comment 5 Wan-Teh Chang 2002-04-30 16:40:52 PDT
Bob, could you evaluate this enhancement request?
Comment 6 Robert Relyea 2002-04-30 17:28:57 PDT
This will require some research. I have never really looked at the cert request
code, though the cert request API have been mostly replaced by the CRMF/CMMF
code. It may be the we want to reprioritize this as a CMMF function.

bob
Comment 7 Wan-Teh Chang 2002-05-01 14:58:39 PDT
Set priority P1.
Comment 8 Wan-Teh Chang 2002-05-14 15:21:44 PDT
Moved to 3.6.
Comment 9 Wan-Teh Chang 2002-09-05 17:56:12 PDT
Moved to Future for now.  Will consider this
for NSS 3.7.
Comment 10 Wan-Teh Chang 2002-12-06 11:11:24 PST
Moved to target milestone 3.8 because the original
NSS 3.7 release has been renamed 3.8.
Comment 11 Robert Relyea 2003-01-09 15:02:05 PST
Created attachment 111102 [details] [diff] [review]
Add support to build single certs with multiple DNS names
Comment 12 Robert Relyea 2003-01-09 15:03:34 PST
Fix checked in.
NOTE: it does not generate cert requests with the multiple DN, but it can take a
cert request and build a cert with the multiple DN's int the cert.

Note You need to log in before you can comment on or make changes to this bug.