Empty subject in the issued certificate in github workflow
Closed this issue · 2 comments
ThomsonTan commented
Description
I enabled id-token: write
in github CI with action sigstore/cosign-installer@v3
. Then I could use cosign sign-blob ...
for signing, but the generated certificate looks a valid but has empty subject. Is this expected? I'd expect the subject to be some github link there.
Or is there a way to set it in the cosign sign-blob
command line?
Version
sigstore/cosign-installer@v3
haydentherapper commented
Can you provide the certificate that was generated? There should be an identity specified in the subject alternative name extension.
ThomsonTan commented
Thanks. I overlooked at subject alternative name extension which does exist, and it can be passed to flag --certificate-identity
for verification.