Alternative names client tls

ipena · February 16, 2024, 3:05am

I tried to generate another certificate using the alternative names option and it seems it is not handling the errors or if there is a particular format to include the names:

zqz@vyos01.dev# run generate pki certificate sign ca-1 install openwrt1
Do you already have a certificate request? [y/N] N
Enter private key type: [rsa, dsa, ec] (Default: rsa) 
Enter private key bits: (Default: 2048) 
Enter country code: (Default: GB) US
Enter state: (Default: Some-State) TX 
Enter locality: (Default: Some-City) Edinburg
Enter organization name: (Default: VyOS) org-ip
Enter common name: (Default: vyos.io) ip.org
Do you want to configure Subject Alternative Names? [y/N] y
Enter alternative names in a comma separate list, example: ipv4:1.1.1.1,ipv6:fe80::1,dns:vyos.net
Enter Subject Alternative Names: openwrt,unifi,lite
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/pki.py", line 1017, in <module>
    generate_certificate_sign(args.certificate, args.sign, install=args.install, file=args.file)
  File "/usr/libexec/vyos/op_mode/pki.py", line 472, in generate_certificate_sign
    cert_req = generate_certificate_request(private_key, key_type, return_request=True)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/pki.py", line 329, in generate_certificate_request
    subject_alt_names = parse_san_string(san_string)
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/pki.py", line 304, in parse_san_string
    tag, value = pair_str.strip().split(":", 1)
    ^^^^^^^^^^
ValueError: not enough values to unpack (expected 2, got 1)
[edit]
zqz@vyos01.dev#

Info the system:

--------------------------------
VyOS Version and Package Changes
--------------------------------
Version:          VyOS 1.5-rolling-202401310023
Release train:    current

Built by:         autobuild@vyos.net
Built on:         Wed 31 Jan 2024 02:18 UTC
Build UUID:       acc3253e-cac9-4a50-a793-9b0bbe7327f5
Build commit ID:  6c6a5856122790

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  Amazon EC2
Hardware model:   t3.small
Hardware S/N:     ec2811bf-b800-ca4b-0744-5f435cce61c0
Hardware UUID:    ec2811bf-b800-ca4b-0744-5f435cce61c0

Copyright:        VyOS maintainers and contributors

Viacheslav · February 16, 2024, 6:54am

They have to be split by “:”, as in the example.

ipena · February 20, 2024, 7:41am

Hi,

Thanks for info…!

system · March 21, 2024, 7:42am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.