[Bug 1346776] Re: SSL certificate creation crashes without subjectAltName

[Mark Prosser]

** Tags added: ssl

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1346776

Title:
  SSL certificate creation crashes without subjectAltName

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/easy-rsa/+bug/1346776/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1346776] Re: SSL certificate creation crashes without subjectAltName

[Mark Prosser]

** Summary changed:

- Server certificate creation crashes without subjectAltName
+ SSL certificate creation crashes without subjectAltName

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1346776

Title:
  SSL certificate creation crashes without subjectAltName

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/easy-rsa/+bug/1346776/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1346776] [NEW] Server certificate creation crashes without subjectAltName

[Mark Prosser]

Public bug reported:

This is my first bug report with Ubuntu, so apologies if I'm going about
this the wrong way.

I'm running Ubuntu 14.04 LTS (Release 14.04), and am trying to create a
server certificate using easy-rsa version 2.2.2-1.

The commands I used to create the certificate were:

sudo apt-get install easy-rsa
cp -r /usr/share/easy-rsa ~
cd ~/easy-rsa
vim ./vars
(edit KEY_* defaults)
source ./vars
./clean-all
./build-dh
./pkitool --initca
./pkitool --server my-common-name


On the last command, I receive the following error:

Using Common Name: my-common-name
Error Loading extension section server
140532105823904:error:2207507C:X509 V3 routines:v2i_GENERAL_NAME_ex:missing 
value:v3_alt.c:537:
140532105823904:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in 
extension:v3_conf.c:93:name=subjectAltName, value=my-common-name


In ./vars I only adjusted the default values for KEY_COUNTRY, KEY_PROVINCE, 
KEY_CITY, KEY_ORG, KEY_EMAIL, KEY_OU to suit my situation, and at the end of 
the file uncommented the KEY_CN name and set to the value of my-common-name.

Upon checking the openssl-1.0.0.cnf file on line 220, the subjectAltName
variable in the [server] section seems to be set from the KEY_ALTNAMES
environmental variable. However, exporting this variable to either a
blank or non-blank value before running ./pkitool seems to make no
difference.

I did notice that by commenting out line 220, the ./pkitool then creates
a server certificate without issue.

While it's easy enough to simply comment this line before running
./pkitool, but the end goal here is to automate the certificate creation
using puppet, so it would be great to have the default openssl-1.0.0.cnf
configuration work from environmental variables out of the box.

Of course if I'm missing something, please let me know!

** Affects: easy-rsa (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: easy-rsa pkitool subjectaltname

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1346776

Title:
  Server certificate creation crashes without subjectAltName

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/easy-rsa/+bug/1346776/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs