You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Apologies if this isn't a cert-manager issue per se. I have a client using cert-manager who created a certificate with wildcard SAN using *-, which is not a legal DNS wildcard, as per RFC 44592.
Using keytool -list -v keystore.jks, we can see the illegal SAN that uses *-
If I try to create my own certificate with *- locally using using keytool, I correctly get an error:
keytool error: java.lang.RuntimeException: java.io.IOException: DNSName components must begin with a letter, digit, or the first component can have only a wildcard character *
How is it possible cert-manager issued a certificate with an illegal SAN? Is this a bug in cert-manager, or on the issuer side?
Apologies if I misunderstood anything critical. I'm just trying to understand how this could have happened.
The text was updated successfully, but these errors were encountered:
Apologies if this isn't a cert-manager issue per se. I have a client using cert-manager who created a certificate with wildcard SAN using
*-, which is not a legal DNS wildcard, as per RFC 44592.Using
keytool -list -v keystore.jks, we can see the illegal SAN that uses*-If I try to create my own certificate with
*-locally using usingkeytool, I correctly get an error:How is it possible cert-manager issued a certificate with an illegal SAN? Is this a bug in cert-manager, or on the issuer side?
Apologies if I misunderstood anything critical. I'm just trying to understand how this could have happened.
The text was updated successfully, but these errors were encountered: