C / CN / OU / emailAddress fields missing from CSR


#1

Hello

I didn’t find any way to enter “proper” information for certificate generation (like country or contact email) in the automatic process. And even when I used the (not really simple) CSR method, it seems that the certificate returned by the server “erased” the different fields :frowning:
I quickly looked at the source code but couldn’t find where that part is managed.

I find this quite sad, and even a show-stopper, as anybody looking at the certificate properties find nothing but that it has been issued by LE. And I’m quite sure that LE won’t provide customer support for an expired certificate, won’t you? :wink:

So, maybe I missed something during the CSR use. Or is a new feature ?


#2

BTW I ended updating the example/generate-csr.sh script to add a subject parameter… but it did’nt work :’(


#3

Let’s Encrypt issues domain validated certificates, only. The only data used from your CSR are the public key, the CN (if present) and any present DNS subjectAltNames.

Using the organizational data would end up in issuing so called extended validation certificates.


#4

Actually, there’s such a thing as organization validation :wink:


#5

CA must not issue a certificate with organization or personal information mentioned without prior verification of it.

if you want such a cert, buy it for $28 from here. Even your street address with postal code will be mentioned and visible to everyone.


#6

As others have said, LE certificates are DV-only. All O, OU, and similar information are ignored. If you want that displayed, you can look at other paid options for Organization Validation (OV) or Extended Validation (EV) certificates.