Replies: 1 comment
-
|
See here for documentation on issuer alternative name: Why should the CA have issuer alternative name? That only makes sense if it is a subCA certificate, in which case the Root CA need to put the field when issuing the sub CA certificate. The CA that issues end entity certificate need a subject alternative name (see the docs above). |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I need to have a CA with the Issuer Alternative Name extension that issues certificates that will also have the Issuer AN extension.
If I understand correctly, I should check the Issuer Alternative Name checkbox on both the CA certificate profile and the End Entity certificate profile. The problem is that if I do this, the CA certificate is ok (Issuer AN extension present), but the end entity certificate is not ok (Issuer AN not present).
For the Issuer AN extension to be present in the end entity certificate, I need to check the Subject Alternative Name checkbox in the CA certificate profile, but if I do this the CA certificate will have the Subject AN extension, which is not what I want.
Is this the expected behavior or is this a bug in the EJBCA implementation? I've tried several configurations, but I was unable to find one that allows me to have the Issuer AN extension in both the CA certificate and the end entity certificate.
Any help appreciated.
Regards,
Pedro
Beta Was this translation helpful? Give feedback.
All reactions