Add CSR common name to SANs if no other SANs are defined in CSR

- Fixes #1779
smallstep · May 7, 2024 · 22dce0e · 22dce0e
1 parent 1f36d23
commit 22dce0e
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/command/certificate/sign.go b/command/certificate/sign.go
@@ -37,7 +37,7 @@ func signCommand() cli.Command {
 		Action: cli.ActionFunc(signAction),
 		Usage:  "sign a certificate signing request (CSR)",
 		UsageText: `**step certificate sign** <csr-file> <crt-file> <key-file>
-[**--profile**=<profile>] [**--template**=<file>] 
+[**--profile**=<profile>] [**--template**=<file>]
 [**--set**=<key=value>] [**--set-file**=<file>]
 [**--password-file**=<file>] [**--path-len**=<maximum>]
 [**--not-before**=<time|duration>] [**--not-after**=<time|duration>]
@@ -435,6 +435,10 @@ func createTemplateData(cr *x509.CertificateRequest, maxPathLen int) x509util.Te
 		sans = append(sans, v.String())
 	}
 
+	if cr.Subject.CommonName != "" && len(sans) == 0 {
+		sans = append(sans, cr.Subject.CommonName)
+	}
+
 	data := x509util.NewTemplateData()
 	data.SetCertificateRequest(cr)
 	data.Set("MaxPathLen", maxPathLen)