[cabfpub] Is CN value required in the SAN?
Peter Bowen
pzb at amzn.com
Wed May 10 13:13:49 UTC 2017
Doug,
As we discussed at the Raleigh F2F, the CN is optional but having an empty subject sequence will break some very popular clients. For DV, this means you effectively have to include CN until we modify the BRs to allow something other than CN in a pure-DV certificate.
Thanks,
Peter
> On May 10, 2017, at 5:45 AM, Doug Beattie via Public <public at cabforum.org> wrote:
>
> Thanks, I knew it had to be there somewhere.
> <>
> From: Public [mailto:public-bounces at cabforum.org <mailto:public-bounces at cabforum.org>] On Behalf Of Adriano Santoni via Public
> Sent: Wednesday, May 10, 2017 8:43 AM
> To: public at cabforum.org <mailto:public at cabforum.org>
> Cc: Adriano Santoni <adriano.santoni at staff.aruba.it <mailto:adriano.santoni at staff.aruba.it>>
> Subject: Re: [cabfpub] Is CN value required in the SAN?
>
> Excerpt from the BRs:
>
> 7.1.4.2.2. Subject Distinguished Name Fields
> a. Certificate Field: subject:commonName (OID 2.5.4.3)
> Required/Optional: Deprecated (Discouraged, but not prohibited)
> Contents: If present, this field MUST contain a single IP address or Fully‐Qualified Domain
> Name that is one of the values contained in the Certificate’s subjectAltName extension (see
> Section 7.1.4.2.1).
>
>
>
>
> Il 10/05/2017 14:36, Doug Beattie via Public ha scritto:
>
> In reading the BRs, I see the requirement that the SAN must contain at least one value (7.1.4.2.1), but I can’t find a reference that the value in the CN needs to be in the SAN. Am I missing that link somewhere, or can the value in the CN be omitted from the SAN? With Chrome depreciating use of CN, CAs will certainly want to include the value in the SAN, but is there a BR requirement that the CN value must be in the SAN?
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org <mailto:Public at cabforum.org>
> https://cabforum.org/mailman/listinfo/public <https://cabforum.org/mailman/listinfo/public>
>
> --
> Cordiali saluti,
>
> Adriano Santoni
> ACTALIS S.p.A.
> (Aruba Group)
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org <mailto:Public at cabforum.org>
> https://cabforum.org/mailman/listinfo/public <https://cabforum.org/mailman/listinfo/public>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170510/bb96ae0d/attachment-0003.html>
More information about the Public
mailing list