Comments (9)
@ronaldtse It has been verified in #145 .
from digicert.
Thanks @kwkwan .
Perhaps @clintwilson could confirm if this is an API problem? Thanks!
from digicert.
@ronaldtse: Any update on this one?
from digicert.
ping @ronaldtse
from digicert.
Apologies for missing this one!
The issue ( or feature! ;) here is that the EV SSL (and Standard SSL and Wildcard) products have a "plus" feature (hence the old name still in the API product_name_id). The Plus feature will automatically add a second dNSName value to any of the above products when the first provided dNSName value is either 1) a base domain (e.g. example.com) or 2) the "www" subdomain of a base domain (e.g. www.example.com). The added dNSName that's added will be whichever of the above two isn't the first provided name (e.g. if www.example.com is provided, we add example.com; if example.com is provided, we add www.example.com).
The product itself is configured to only allow a single name be provided; if both of the dNSName values are submitted, the system interprets that as trying to order a cert with multiple SANs and rejects it.
This behavior is a little more intuitive in the UI, but where the API accepts/expects an array, it's a bit misleading.
This is further complicated by the fact that the other two "plus" products don't have this issue. Wildcard certs do accept multiple SANs on Duplicates, as long as the SANs are subdomains to the wildcard name and Standard SSL don't allow Duplicates; so this is only behavior encountered with the EV SSL product.
I don't have a way to turn off the "plus" feature, unfortunately. A potential, though non-ideal fix, would be to implement the logic noted above, i.e. if the product being duplicated is EV SSL, only use the first value in the dns_names array when creating the Duplicate.
from digicert.
Thank you @clintwilson for the detailed explanation (and @abunashir 's ping) !
I agree that the most appropriate fix is to implement this "exception" logic in this gem. @abunashir could you help implement this check? Thanks!
from digicert.
Thanks a lot, @clintwilson, @ronaldtse: I just created a PR to resolve this issue, could you please have a look and let me know if there is anything else we should consider?
cc: @kwkwan
from digicert.
@kwkwan could you help verify? Thanks!
from digicert.
Thanks @kwkwan !
from digicert.
Related Issues (20)
- Order filtering by attributes HOT 9
- Return textual certificate content after certificate download HOT 1
- Streamline order duplication flow HOT 2
- Class methods should return objects with expected classes HOT 4
- Report API issues to Digicert HOT 1
- Current issues with Digicert Service v2 API HOT 2
- Issues with finding a reissued order HOT 14
- Allow output option `--output json` HOT 1
- Version bump and release to rubygems HOT 1
- Method to set API KEY in config is confusing HOT 1
- Update to use latest 'Immediate Issuance' API response type HOT 4
- Rubocop errors HOT 1
- Getting Digicert::Errors::ServerError when calling Digicert::Order.all HOT 7
- When there are no duplicate certificates, don't error out HOT 1
- Digicert::DuplicateCertificateFinder.find_by doesn't work as expected HOT 3
- Discrepancy between Digicert::DuplicateCertificate.all and order.duplicate_certificates HOT 1
- Did we update the `order` response recently? HOT 4
- Update to use only current Ruby versions, 2.6+ and 3.0/3.1
- Certificate download method in README does not reflect actual operations HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from digicert.