You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
There is no way to mark the X509v3 Subject Alternative Name as critical in Vault (for certificates and intermediate CAs).
Describe the solution you'd like
Add an option to mark the X509v3 Subject Alternative Name as critical, also when using curl API to generate the certificate/intermediate CA.
Describe alternatives you've considered
Didn't find any alternative with using vault pki engine.
Explain any additional use-cases
A very similar case is this: #9779
The above case is just another extension
Additional context
I think it's worth having all extensions configurable as critical/non-critical (non critical can be the default for backward compatibility). It can add much needed flexibility when creating certificates and it will be very convenient when having scenarios where replacing old certificates, that were created by other tools, to new certificates that must be created using vault and must include specific extensions configured in specific manner.
in my example, I need the Subject Alternative Name extension to change from this:
X509v3 Subject Alternative Name:
DNS:example.com
to this:
X509v3 Subject Alternative Name: critical
DNS:example.com
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
There is no way to mark the X509v3 Subject Alternative Name as critical in Vault (for certificates and intermediate CAs).
Describe the solution you'd like
Add an option to mark the X509v3 Subject Alternative Name as critical, also when using curl API to generate the certificate/intermediate CA.
Describe alternatives you've considered
Didn't find any alternative with using vault pki engine.
Explain any additional use-cases
A very similar case is this: #9779
The above case is just another extension
Additional context
I think it's worth having all extensions configurable as critical/non-critical (non critical can be the default for backward compatibility). It can add much needed flexibility when creating certificates and it will be very convenient when having scenarios where replacing old certificates, that were created by other tools, to new certificates that must be created using vault and must include specific extensions configured in specific manner.
in my example, I need the Subject Alternative Name extension to change from this:
to this:
The text was updated successfully, but these errors were encountered: