Various issues in CA & Certificates

[Clipper]

Hi,

I have created a CA and have a few observations. Let me know if I should open distinct bugs/features:

• If you generate a Root CA certificate, it is marked as Internal / Self-signed. If you export it with the key, and later after a full reinstall from scratch you want to re-import the CA, it ends up as External / Externally Issued. I think we should be able to set these metadata upon importing
• It could be helpful to have the official X.509 acronyms on the creation form fields labels (e.g. : Common Name (CN), Organisation (O), etc.). That helps to avoid mistakes
• the Organisation Unit (OU) field is missing
• Upon creation of a CA, the field Subject Alternate Names shouldn't be present. It does not make sense as a Root CA cert is not related to DNS names
• When exporting a private key from either a CA or a cert, there is no way to provide a passphrase to encrypt the key. This is a huge risk.
• When importing a private key there is a confusing double-entry for the private key. This is a nonsense, double check fields should be asked upon encrypting private keys, not decrypting them
• No big deal but it would really be helpful to have a Browse File button on all these import functions, copy/pasting huge ascii content is not very practical.

Apart from that, it's very cool to have a nice (although limited) interface to OpenSSL PKI functions, pretty good job overall

Thanks
Clipper

 

[seanm]

I'm nobody :), but those sound worthy of bug reports to me.

 

[Clipper]

Thanks, I'll do. And I will add that deleting certificates in the GUI doesn't delete anything in /etc/certificates/. It could at least ask

 

[pro lamer]

I'll do

Will you post links to bug reports here please, so we can follow?