Skip to content

missing option exclude_cn_from_sans when requesting a signed certificate #244

New issue
New issue
Open
Open
missing option exclude_cn_from_sans when requesting a signed certificate#244
@darkedges

Description

@darkedges
darkedges
opened on May 28, 2021

I have discovered that when I use a CSR with a SubjecDN greater than 63 characters in length it throws the following

idna: invalid label "UID=f0486469-6aa7-4a93-8cc2-3e64f30e1789,CN=Nicholas Peter Irving"

I have raised an issue
hashicorp/vault#11721
to get this looked at, how I have noticed that i can disabled this check through the UI by using the Sign Verbatim option.

This adds an additional parameter in the request to /sign

    exclude_cn_from_sans: false

Is this something that looks like we can add?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions