Re: Subject CN and SANs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 23.12.2018 03:47, Salz, Rich via openssl-users wrote:

    >  >. New certificates should only use the subjectAltName extension.


    Are any CAs actually doing that? I thought they all still included subject.CN.


Yes, I think commercial CA's still do it.  But that doesn't make my statement wrong :)


Apache raises a warning at the following condition

e.g. a virtual Host defines this:

ServerName  www.example.com:443

and the SSL certificate has a CN which does not correspond to
CN=www.example.com, e.g.  CN=example.com

then the warning looks like this
[Fri Dec 07 07:08:19.393876 2018] [ssl:warn] [pid 29746] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name 

and fills up the logs

Walter

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux