  1. EJBCA
  2. ECA-4576

Several SAN DNSname in EMPTY profile

    Details

    • Issue discovered during:
      Community

      Description

      Description:
      In web.properties, we can set only one SAN DNSname in the field 'httpsserver.an', because the EMPTY End Entity profile allows only one SAN DNSname.
      It's useless, because when you set one SAN DNSname in a certificate, the web server and web browser only read this SAN field and ignore the CN attribute value.
      So when we want two FQDNs for a server certificate, we need to set two DNSname values in the SAN extension.

      It can be useful for an EJBCA VM in a DMZ zone which can be accessible from a VLAN with an FQDN (e.g. pki.foo.lan), and from the Internet with another FQDN (e.g. pki.foo.org). For example, for a PoC without a front-end (not for production, of course).

      Ref.: RFC 6125

      Actions:

      • set 2 or 3 SAN DNSname in the EMPTY End Entity profile
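
      The name check the description refers to (RFC 6125), as an added sketch that is not part of the original issue and is not EJBCA code. The certificate dictionaries, their field names and the function names are assumptions made for the illustration; the host names are the ones used in the description.

```python
# Added illustration of RFC 6125 reference-identifier matching.
# The certificate dicts below are constructed samples, not real EJBCA output.

def _name_match(presented: str, host: str) -> bool:
    """Compare one presented DNS name with the host the client asked for.
    A wildcard is honoured only as the whole left-most label, and only
    when at least two further labels follow (conservative policy choice)."""
    p = presented.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def hostname_matches(cert: dict, host: str) -> bool:
    """cert = {"cn": str, "san_dns": [str, ...]} (hypothetical structure).
    RFC 6125 section 6.4.4: if the certificate presents any dNSName,
    the client must not fall back to the CN."""
    san = cert.get("san_dns") or []
    if san:
        return any(_name_match(name, host) for name in san)
    # Legacy path: CN is consulted only when no dNSName is present at all.
    return _name_match(cert.get("cn", ""), host)


# Constructed samples: one dNSName (what a single-SAN profile yields)
# versus two dNSName values (what the issue asks for).
SINGLE_SAN = {"cn": "pki.foo.org", "san_dns": ["pki.foo.lan"]}
DUAL_SAN = {"cn": "pki.foo.org", "san_dns": ["pki.foo.lan", "pki.foo.org"]}
CN_ONLY = {"cn": "pki.foo.org", "san_dns": []}

if __name__ == "__main__":
    for label, cert in (("single", SINGLE_SAN), ("dual", DUAL_SAN), ("cn-only", CN_ONLY)):
        for host in ("pki.foo.lan", "pki.foo.org"):
            print(f"{label:8} {host:12} -> {hostname_matches(cert, host)}")
```

      With a single dNSName the second FQDN is rejected even though it appears in the CN, which is why the profile needs to permit a dNSName per FQDN.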

            People

            Assignee:
            dcarella David Carella
            Reporter:
            dcarella David Carella
            Verified by:
            Johan Eklund