[openssl-users] Subject CN and SANs
Michael Richardson
mcr at sandelman.ca
Sun Dec 23 15:21:41 UTC 2018
Salz, Rich via openssl-users <openssl-users at openssl.org> wrote:
> Putting the DNS name in the CN part of the subjectDN has been
> deprecated for a very long time (more than 10 years), although it
> is still supported by many existing browsers. New certificates
> should only use the subjectAltName extension.
Fair enough.
It seems that the "openssl ca" mechanism still seem to want a subjectDN
defined. Am I missing some mechanism that would let me omit all of that? Or
is a patch needed to kill what seems like a current operational requirement?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181223/04d6790f/attachment-0001.sig>
More information about the openssl-users
mailing list