Last Comment Bug 122863 - Need ability to request/issue certs with SubjectAltName extension
: Need ability to request/issue certs with SubjectAltName extension
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: 3.3.1
: All All
P1 enhancement (vote)
: 3.8
Assigned To: Robert Relyea
: Bishakha Banerjee
Depends on:
  Show dependency treegraph
Reported: 2002-01-31 15:02 PST by Rob Crittenden
Modified: 2003-01-09 15:03 PST (History)
7 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---

Add support to build single certs with multiple DNS names (6.14 KB, patch)
2003-01-09 15:02 PST, Robert Relyea
no flags Details | Diff | Splinter Review

Description User image Rob Crittenden 2002-01-31 15:02:30 PST
As kind of an extension of defect we need the ability to issue
and request certificates with the SubjectAltName extension set.

It would be great to be able to do this this using certutil as well.
Comment 1 User image Wan-Teh Chang 2002-01-31 19:03:35 PST
Assigned to Bob for evaluation.
Comment 2 User image Christian Kaiser 2002-02-01 10:01:58 PST
We'd need the necessary APIs to add SubjectAltName extensions to the certificate 
request, and to issue certs with that extension, PLUS the ability to use these 
with certutil.
CERT_CreateCertificateRequest seems to have the ability to pass in SECItems as 
attributes, but I'm not sure if this would be the proper way to pass 
SubjectAltName extensions.
Also, my limited understanding of the code in CERT_CreateCertificate leads me to 
believe that extensions/attributes are not copied when the certificate is 
created from the request.
Comment 3 User image Wan-Teh Chang 2002-02-13 15:42:03 PST
Set target milestone 3.4.1, priority P1.
Comment 4 User image Wan-Teh Chang 2002-04-25 16:27:38 PDT
Changed the QA contact to Bishakha.
Comment 5 User image Wan-Teh Chang 2002-04-30 16:40:52 PDT
Bob, could you evaluate this enhancement request?
Comment 6 User image Robert Relyea 2002-04-30 17:28:57 PDT
This will require some research. I have never really looked at the cert request
code, though the cert request API have been mostly replaced by the CRMF/CMMF
code. It may be the we want to reprioritize this as a CMMF function.

Comment 7 User image Wan-Teh Chang 2002-05-01 14:58:39 PDT
Set priority P1.
Comment 8 User image Wan-Teh Chang 2002-05-14 15:21:44 PDT
Moved to 3.6.
Comment 9 User image Wan-Teh Chang 2002-09-05 17:56:12 PDT
Moved to Future for now.  Will consider this
for NSS 3.7.
Comment 10 User image Wan-Teh Chang 2002-12-06 11:11:24 PST
Moved to target milestone 3.8 because the original
NSS 3.7 release has been renamed 3.8.
Comment 11 User image Robert Relyea 2003-01-09 15:02:05 PST
Created attachment 111102 [details] [diff] [review]
Add support to build single certs with multiple DNS names
Comment 12 User image Robert Relyea 2003-01-09 15:03:34 PST
Fix checked in.
NOTE: it does not generate cert requests with the multiple DN, but it can take a
cert request and build a cert with the multiple DN's int the cert.

Note You need to log in before you can comment on or make changes to this bug.