[openssl-users] Implementing deprecation of commonname and emailaddress

Robert Moskowitz rgm at htt-consult.com
Thu Aug 17 04:28:52 UTC 2017


I have skimmed through a few RFCs following today's postings and a few 
web sites.  It would seem to me that I should:

Remove commonName and emailAddress completely from the cnf file. They no 
longer belong in any cert, root or intermediate CA certs, server or user 
certs.

For servers, include something like this in the cnf file:

subjectAltName = DNS:www.example.com, DNS:example.com, DNS:localhost, email:postmaster@example.com

(That is all supposed to be on a single line in case your mail viewer 
wraps it).

Um, I can specify 'localhost' in this manner if I am on the server and 
connecting in the browser with https://localhost ??

And for clients:

subjectAltName = email:user@example.com

I am looking at how to build the above line using ENV variables. It is 
more a matter of how I do it than can I do it...

thanks for any advice

Bob
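
One way to build that line from environment variables, as an added example that is not part of the original post: OpenSSL configuration files expand ${ENV::name}, so the script assembles the value in a shell variable and the cnf only references it. The variable name SAN, the function names, the file names and the O= value are assumptions made for this example.

```shell
# Added example: build a subjectAltName value and hand it to openssl.cnf
# through ${ENV::SAN}. Names, file names and the O= value are constructed.

# build_san "host1 host2 ..." "mail1 mail2 ..." prints the SAN value.
# Runs in a subshell with globbing off so "*.example.com" stays literal.
build_san() (
    set -f
    san=""
    for h in $1; do
        case "$h" in
            # A ',' or ':' in a name would smuggle in an extra SAN entry.
            *[!A-Za-z0-9.*-]*) echo "bad DNS name: $h" >&2; exit 1 ;;
        esac
        san="${san:+$san, }DNS:$h"
    done
    for m in $2; do
        case "$m" in
            *[!A-Za-z0-9.@_+-]*) echo "bad email: $m" >&2; exit 1 ;;
            ?*@?*) ;;
            *) echo "bad email: $m" >&2; exit 1 ;;
        esac
        san="${san:+$san, }email:$m"
    done
    [ -n "$san" ] || { echo "no SAN entries" >&2; exit 1; }
    printf '%s\n' "$san"
)

# write_cnf FILE: minimal request config without commonName/emailAddress.
# The quoted heredoc keeps ${ENV::SAN} literal for OpenSSL to expand.
write_cnf() {
    cat > "$1" <<'EOF'
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = ext
[ dn ]
O = Example Org
[ ext ]
subjectAltName = ${ENV::SAN}
EOF
}

# Demo, only when called with arguments: sh san.sh "hosts" "emails"
if [ $# -gt 0 ]; then
    SAN=$(build_san "$1" "${2:-}") || exit 1; export SAN
    write_cnf san-demo.cnf
    openssl req -new -newkey rsa:2048 -nodes -config san-demo.cnf \
        -keyout san-demo.key -out san-demo.csr
    openssl req -in san-demo.csr -noout -text | grep -A1 'Alternative Name'
fi
```

If SAN is not set in the environment when the config is loaded, OpenSSL fails to parse the file instead of producing an empty extension, so export it before every openssl call that reads this cnf.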


