SubjectCN is an operational requirement of X.509, I believe. It's not optional in the data structure, at any rate. -Kyle H On Sun, Dec 23, 2018 at 9:22 AM Michael Richardson <mcr@xxxxxxxxxxxx> wrote: > > > Salz, Rich via openssl-users <openssl-users@xxxxxxxxxxx> wrote: > > Putting the DNS name in the CN part of the subjectDN has been > > deprecated for a very long time (more than 10 years), although it > > is still supported by many existing browsers. New certificates > > should only use the subjectAltName extension. > > Fair enough. > > It seems that the "openssl ca" mechanism still seem to want a subjectDN > defined. Am I missing some mechanism that would let me omit all of that? Or > is a patch needed to kill what seems like a current operational requirement? > > -- > ] Never tell me the odds! | ipv6 mesh networks [ > ] Michael Richardson, Sandelman Software Works | IoT architect [ > ] mcr@xxxxxxxxxxxx http://www.sandelman.ca/ | ruby on rails [ > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
