C / CN / OU / emailAddress fields missing from CSR

MMisterM · December 6, 2015, 5:47pm

Hello

I didn’t find any way to enter “proper” information for certificate generation (like country or contact email) in the automatic process. And even when I used the (not really simple) CSR method, it seems that the certificate returned by the server “erased” the different fields
I quickly looked at the source code but couldn’t find where that part is managed.

I find this quite sad, and even a show-stopper, as anybody looking at the certificate properties find nothing but that it has been issued by LE. And I’m quite sure that LE won’t provide customer support for an expired certificate, won’t you?

So, maybe I missed something during the CSR use. Or is a new feature ?

MMisterM · December 6, 2015, 5:49pm

BTW I ended updating the example/generate-csr.sh script to add a subject parameter… but it did’nt work :’(

jhass · December 6, 2015, 5:51pm

Let’s Encrypt issues domain validated certificates, only. The only data used from your CSR are the public key, the CN (if present) and any present DNS subjectAltNames.

Using the organizational data would end up in issuing so called extended validation certificates.

Osiris · December 6, 2015, 6:06pm

Actually, there's such a thing as organization validation

selecadm · December 6, 2015, 6:45pm

CA must not issue a certificate with organization or personal information mentioned without prior verification of it.

if you want such a cert, buy it for $28 from here. Even your street address with postal code will be mentioned and visible to everyone.

motoko · December 6, 2015, 6:54pm

As others have said, LE certificates are DV-only. All O, OU, and similar information are ignored. If you want that displayed, you can look at other paid options for Organization Validation (OV) or Extended Validation (EV) certificates.