Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inconsistent opinion on common name field #1474

Closed
stevenpitts opened this issue May 2, 2024 · 2 comments
Closed

Inconsistent opinion on common name field #1474

stevenpitts opened this issue May 2, 2024 · 2 comments

Comments

@stevenpitts
Copy link

website/content/docs/usage/certificate.md

Lines 66 to 67 in eab7224

# The use of the common name field has been deprecated since 2000 and is
# discouraged from being used.

As explored and summarized in caddyserver/caddy#3755 (comment), the deprecation of the CN field has some ambiguity. I don't have an opinion one way or the other, but cert-manager discourages its use and documents usage of it in a "Bootstrapping CA Issuers" example:

website/content/docs/configuration/selfsigned.md

Line 100 in eab7224

commonName: my-selfsigned-ca

If commonName were removed from that example, applying it would result in an error:

at least one of commonName, dnsNames, uriSANs, ipAddresses, emailSANs or otherNames must be set

The language in the comment should be made less absolute, or the usage of commonName in examples should be replaced with a field that is not deprecated.
@SgtCoDFish
Copy link
Member

Fair comment to make!

I think we should say that the use of commonName is discouraged for end-entity certificates, where the SAN extension is simply better. For CA certs commonName is fine. I'll create a PR to try and capture that 🔨

SgtCoDFish added a commit to SgtCoDFish/cert-manager-website that referenced this issue Sep 5, 2024
@SgtCoDFish
update note on commonName field
f587616 
See cert-manager#1474

Signed-off-by: Ashley Davis <[email protected]>
SgtCoDFish added a commit to SgtCoDFish/cert-manager-website that referenced this issue Sep 5, 2024
@SgtCoDFish
update note on commonName field
dbaba41 
See cert-manager#1474

Signed-off-by: Ashley Davis <[email protected]>
@SgtCoDFish SgtCoDFish mentioned this issue Sep 5, 2024
Merged
@inteon
Copy link
Member

inteon commented Sep 5, 2024

fixed in #1548

@inteon inteon closed this as completed Sep 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@SgtCoDFish @stevenpitts @inteon