Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6107

CAA validation allows issuance of wildcard certificates for subdomains, even though issuance is prohibited.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: EJBCA 6.9.0.4
    • Fix Version/s: EJBCA 6.9.0.6
    • Component/s: None
    • Labels:

      Description

      CAA validation allows issuance of wildcard certificates for subdomains, even though issuance is prohibited.

      In other words, even though wildcard issuance may be blocked for a domain *.example.com, a request for *.subdomain.example.com will pass.

        Attachments

          Activity

            People

            Assignee:
            mikek Mike Agrenius Kushner
            Reporter:
            mikek Mike Agrenius Kushner
            Verified by:
            Tomas Gustavsson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: