search

SilleBille / pki

Dogtag PKI Issues should be reported to the Dogtag PKI Pagure Issues site
https://pagure.io/dogtagpki/issues
GNU General Public License v2.0
1 stars 1 forks source link

[RFE] Substitutions of the certificate subject DN field only works for common name #456

Closed SilleBille closed 4 years ago

SilleBille commented 4 years ago

This issue was migrated from Pagure Issue #3012.Originally filed by mharmsen on 2018-05-02

When creating a custom CA profile trying to substitute anything other than request.req_subject_name.cn it does not get replaced with the appropriate value from the CSR.

Steps to Reproduce:

1. Create a cert profile with a custom subject DN like:

policyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, OU=$request.req_subject_name.ou$

2. Create a CSR containing CN=test.example.com, OU=foo
3. Sign the CSR

Actual results:

The resultning signed cert contains the CN=test.example.com, OU=$request.req_subject_name.ou$

Expected results:

The certificate subject should be populated with $request.req_subject_name.<field> for example: CN=test.example.com, OU=foo

Additional info:

This applies to other fields as well, such as $request.req_subject_name.sn$ and $request.req_subject_name.st$
SilleBille commented 4 years ago

Posted by mharmsen on 2018-05-02:

Per 10.5.x/10.6 Triage: 10.6