[cabfpub] Intermediate certificate names

Richard Wang richard at wosign.com
Tue Mar 10 17:17:06 UTC 2015


Yes, we can treat issuing intermediate certificate same as to end user
certificate that verify the identity and name it in O and CN field.




From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Eddy Nigg
Sent: Tuesday, March 10, 2015 9:56 AM
To: Geoff Keating; Jeremy Rowley
Subject: Re: [cabfpub] Intermediate certificate names



On 03/10/2015 08:31 AM, Geoff Keating wrote:

Perhaps you could make the common name something like "DigiCert issuing for
Customer Name, Inc." or similar?

I don't think this is a good idea - I believe the organization name should
correctly identify the company to whom the certificate was issued. 

When we issue a certificate to an end-user we correctly identify that entity
(in the verified settings). If we issue an intermediate CA to an external
entity why should this be any different? We should identify the entity we
validated and for whom we issued the intermediate CA certificate (even if
that entity doesn't control the private key, e.g. a manged and controlled
solution by the parent CA).





Eddy Nigg, COO/CTO


StartCom Ltd. <http://www.startcom.org> 


startcom at startcom.org


Join the Revolution! <http://blog.startcom.org> 


Follow Me <http://twitter.com/eddy_nigg> 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150310/20384023/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5099 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150310/20384023/attachment-0001.p7s>

More information about the Public mailing list