Implementing deprecation of commonname and emailaddress

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have skimmed through a few RFCs following today's postings and a few web sites. It would seem to me that I should:

Remove commonName and emailAddress completely from the cnf file. They no longer belong in any cert, root or intermediate CA certs, server or user certs.

For servers include something like in the cnf file:

subjectAltName = DNS:www.example.com, DNS:example.com, DNS=localhost, EMAIL:postmaster@xxxxxxxxxxx

(That is all suppose to be on a single line in case your mail viewer wraps it).

Um, I can specify 'localhost' in this manner if I am on the server and connecting in the browser with https://localhost ??

And for clients:

subjectAltName = EMAIL:user@xxxxxxxxxxx

I am looking at how to build the above line using ENV variables. It is more a matter of how I do it than can I do it...

thanks for any advice

Bob

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux