Empty CommonName in CSR


#1

Do you know when the config flag DoNotForceCN will be set to true, so one can use a CSR with an empty common name ?
I need to create a certificate with SAN entries longer than 64 characters and the certificate is created in staging but not in production. The error I receive is “urn:acme:error:malformed - Error creating new cert :: Common name was longer than 64 bytes, was 0” because the line https://github.com/letsencrypt/boulder/blob/25b45a45eca7522bf623a9994cbccdf366adf3b9/ca/certificate-authority.go#L442 in executed and not the line https://github.com/letsencrypt/boulder/blob/25b45a45eca7522bf623a9994cbccdf366adf3b9/ca/certificate-authority.go#L537
Thanks a lot for the hard work.

Edit: In summary, I am asking when the feature described in Certificates with serialNumber in subject will be deployed in production.


Config flag DoNotForceCN
#2

We don’t yet have an ETA, I’m sorry. We discovered that we need an updated to our CP, one of the documents that describes our operations. That’s still pending. Ballpark, maybe in the next month or so. Hearing from folks like you that need the feature enabled does help prioritize it, thanks!


#3

Thanks a lot for your answer. Even a ballpark ETA can help me to decide if I want to use a workaround.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.