[cabfpub] Intermediate certificate names
erwann.abalea at opentrust.com
Tue Mar 10 20:27:01 UTC 2015
Le 10/03/2015 07:31, Geoff Keating a écrit :
>> On 9 Mar 2015, at 10:01 pm, Jeremy Rowley <jeremy.rowley at digicert.com> wrote:
>> One of the discussions going on includes how CAs should name intermediates. Right now, the BRs say that the org field of the issuer “MUST contain the name (or abbreviation thereof), trademark, or other meaningful identifier for the CA, provided that they accurately identify the CA. The field MUST NOT contain a generic designation such as “Root” or “CA1”.” There is a similar requirement for the CN field.
>> We’ve heard that some auditors are interpreting this as a requirement that the CA must be named in each intermediate.
> Perhaps you could make the common name something like "DigiCert issuing for Customer Name, Inc." or similar? That'd help to clarify what the relationship is and what this certificate is for.
What if "Bozo, Inc" wants its CA certificate to be issued by DigiCert
The relationship between an issuer CA and an issued CA is already
established by the "issuer" and "subject" fields of a certificate.
More information about the Public