Closed GBBx closed 2 months ago
Hey @GBBx 👋. Thanks for opening the issue! And apologies for the radio silence.
I have a pretty simple fix for this (I'll post the PR shortly), but I'm curious what the expected behavior would be if the CSR did have SANs but the commonName wasn't in the SANs? Should it still be automatically added as a SAN, or does that only apply if the SANs are empty?
Hi @dopey , thanks a lot for fixing this. I cannot give you an advice but I think I would align it with publicly trusted certificate providers. I believe if I bought a certificate from them, they would only add the CN as SAN if there's no other SAN entry.
Steps to Reproduce
Create CSR without specifying SAN:
Sign certificate:
Check SAN of certificate:
Your Environment
step-ca
Version -Expected Behavior
The common name should be automatically added as a SAN.
Actual Behavior
The SAN is empty.
Additional Context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).