ERROR: Certificate signing request contains non-DNS Subject Alternative Names #533

Closed
opened 2025-12-29 01:26:52 +01:00 by adam · 1 comment

Originally created by @koteswara-kelam on GitHub (Apr 23, 2021).

$ ./dehydrated --signcsr /opt/test/certificates/csr/vcenter.csr
INFO: Using main config file /opt/test/dehydrated/config
ERROR: Certificate signing request contains non-DNS Subject Alternative Names

$ openssl req -noout -text -in /opt/test/certificates/csr/vcenter.csr
Certificate Request:
Data:
Version: 1 (0x0)
Subject: CN = gl-test.local, C = US, ST = California, L = Palo Alto, O = Test, OU = Test
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:74:f5:36:fa:31:af:14:59:91:6a:65:33:77:
.....
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Subject Alternative Name:
email:test@test.com, DNS:test.local, DNS:www.example.com, DNS:test.local
X509v3 Subject Key Identifier:
00:A8:82:CB:77:76:55:DF:5F:AD:FA:9F:66:D8:89:C1:65:A0:C8:7D
Signature Algorithm: sha256WithRSAEncryption
95:d6:09:64:96:d3:cd:71:96:9d:8a:d9:01:98:b7:c8:c1:f7:
...........

Is an email ID not allowed under "Subject Alternative Name"?
I am using step-ca. The FQDN is proper; I just replaced it with test.local. An email ID is mandatory when generating a CSR for VMware vCenter 7.0, but I am not sure why it is coming under Subject Alternative Name. Please help.
adam closed this issue 2025-12-29 01:26:52 +01:00
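
A pre-flight check for the situation reported above, as an added example that is not part of the original issue or of dehydrated's own code: it reads `openssl req -noout -text` output and lists every Subject Alternative Name entry whose type is not DNS. The function names and the sample text (modelled on the output in the issue) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag non-DNS Subject Alternative Names in a CSR before
# handing it to an ACME client that only accepts DNS identifiers.

# Constructed sample, modelled on the `openssl req -noout -text` output above.
SAMPLE_REQ_TEXT='        Requested Extensions:
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Subject Alternative Name:
                email:test@test.com, DNS:test.local, DNS:www.example.com, DNS:test.local
            X509v3 Subject Key Identifier:
                00:A8:82:CB:77:76:55:DF:5F:AD:FA:9F:66:D8:89:C1:65:A0:C8:7D'

# Read openssl text output on stdin; print one SAN entry per line.
# The entries sit on the line after the extension header, comma-separated.
san_entries() {
  awk '
    found { gsub(/^[ \t]+/, ""); n = split($0, a, /,[ \t]*/)
            for (i = 1; i <= n; i++) print a[i]; exit }
    /X509v3 Subject Alternative Name:/ { found = 1 }
  '
}

# Print only the entries that are not of type DNS.
# Returns 1 if any were found, 0 if every entry is a DNS name.
# Entries that themselves contain commas (e.g. DirName) are split into
# fragments, which still lack the DNS: prefix and are therefore flagged.
non_dns_sans() {
  _bad=$(san_entries | grep -v '^DNS:' || true)
  if [ -z "$_bad" ]; then
    return 0
  fi
  printf '%s\n' "$_bad"
  return 1
}

# Check a CSR file on disk (requires the openssl CLI).
check_csr() {
  openssl req -noout -text -in "$1" | non_dns_sans
}

# Stand-alone use: ./check.sh path/to/request.csr
if [ $# -gt 0 ]; then
  check_csr "$1"
fi
```

For the sample text the check reports `email:test@test.com`, the entry that corresponds to the error shown in the issue.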

@lukas2511 commented on GitHub (Apr 24, 2021):

Please don't open duplicate issues.


Reference: starred/dehydrated#533