> On Jul 15, 2020, at 7:16 AM, Hubert Kario <hkario@xxxxxxxxxx> wrote: > > On Tuesday, 14 July 2020 21:18:53 CEST, Felipe Gasper wrote: >> Hello, >> >> I have domains whose length exceeds the commonName maximum. To create a signing request for such a domain, then, I can’t put the domain in the CSR’s subject. >> >> Assuming that I’m interested in just a DV certificate--such that the CSR’s subject DN actually provides no useful information--what would the minimum-viable subject look like from the generation-via-OpenSSL side? > > 1. Common Name is not used for host names for quite a few years now > 2. most commercial CAs completely ignore any data in the CSR but the public > key > 3. Subject DN can be empty, if that will be accepted by CA is up to CAs policy Making subject DN empty is what I was struggling with but eventually found a syntax that works. Thank you! -F
