sigstore/cosign

Empty subject in the issued certificate in GitHub workflow

Closed this issue · 2 comments

Description

I enabled id-token: write in GitHub CI with the action sigstore/cosign-installer@v3. Then I could use cosign sign-blob ... for signing, but the generated certificate looks valid but has an empty subject. Is this expected? I'd expect the subject to be some GitHub link there.

Or is there a way to set it in the cosign sign-blob command line?

Version

sigstore/cosign-installer@v3

Can you provide the certificate that was generated? There should be an identity specified in the subject alternative name extension.

Thanks. I overlooked the subject alternative name extension, which does exist, and it can be passed to the --certificate-identity flag for verification.
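
What the thread resolves to, as an added example that is not part of the issue or of the cosign project's own code: read the identity from the certificate's subject alternative name, then pin it with --certificate-identity when verifying. The file names, the example-org workflow URL, the helper function names and the GitHub Actions issuer value are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example. artifact.bin / artifact.sig / artifact.pem and the
# example-org workflow URL are hypothetical.

# Issuer of GitHub Actions OIDC tokens (assumes signing ran in a GitHub workflow).
GITHUB_OIDC_ISSUER="https://token.actions.githubusercontent.com"

# Extract the identity from `openssl x509 -noout -ext subjectAltName` output.
# The subject is empty; the identity is a SAN entry (URI or email).
parse_san() {
    sed -nE 's/^[[:space:]]*(URI|email):(.*)$/\2/p' | head -n 1
}

# Print the SAN identity of a certificate file. Accepts PEM, or PEM wrapped
# in base64 (assumption: some cosign versions write --output-certificate so).
cert_identity() {
    cert="$1"
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$cert"; then
        openssl x509 -in "$cert" -noout -ext subjectAltName | parse_san
    else
        base64 -d "$cert" | openssl x509 -noout -ext subjectAltName | parse_san
    fi
}

# Verify a blob, pinning both identity and issuer. The expected identity must
# come from your own policy, never from the certificate being verified.
verify_blob() {
    blob="$1"; sig="$2"; cert="$3"; expected_identity="$4"
    cosign verify-blob \
        --certificate "$cert" \
        --signature "$sig" \
        --certificate-identity "$expected_identity" \
        --certificate-oidc-issuer "$GITHUB_OIDC_ISSUER" \
        "$blob"
}

# Constructed sample of the openssl output for a workflow-issued certificate.
SAMPLE_SAN_OUTPUT='X509v3 Subject Alternative Name: critical
    URI:https://github.com/example-org/example-repo/.github/workflows/release.yml@refs/heads/main'

# Usage:
#   cert_identity artifact.pem     # inspect once to learn the identity format
#   verify_blob artifact.bin artifact.sig artifact.pem \
#     "https://github.com/example-org/example-repo/.github/workflows/release.yml@refs/heads/main"
```

Inspecting the SAN is for learning what the workflow's identity looks like; the value passed to verify_blob should be written down in the verifier's configuration ahead of time.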