jcholast had a good point about this RFE:
I see a problem with this approach: CN is limited to 64 octets, if the host name is longer, copying CN to SAN won't help us at all and can even be just plain wrong if it has truncated host name. This can happen in cloud environments with automatically generated host names, like in this IPA ticket: https://fedorahosted.org/freeipa/ticket/4415
Pursuant to RFC 2818 we not only need to support copying the CN to SAN dnsName for host/service cert profiles (#4970), but we need to support requests without CN, as long as there is at least one dnsName in the SAN request extension.
This may require changes to:
ipa cert-request
4.4.0 was released, moving open tickets to 4.4.1
This ticket goes along with #4970 - bumping to 4.5 backlog
Metadata Update from @ftweedal: - Issue assigned to ftweedal - Issue set to the milestone: FreeIPA 4.5 backlog
Login to comment on this ticket.