[openssl-users] Implementing deprecation of commonname and emailaddress
Robert Moskowitz
rgm at htt-consult.com
Thu Aug 17 04:28:52 UTC 2017
I have skimmed through a few RFCs following today's postings and a few
web sites. It would seem to me that I should:
Remove commonName and emailAddress completely from the cnf file. They no
longer belong in any cert, root or intermediate CA certs, server or user
certs.
For servers, include something like this in the cnf file:
subjectAltName = DNS:www.example.com, DNS:example.com, DNS:localhost, email:postmaster@example.com
(That is all supposed to be on a single line in case your mail viewer
wraps it).
Um, I can specify 'localhost' in this manner if I am on the server and
connecting in the browser with https://localhost ??
And for clients:
subjectAltName = email:user@example.com
I am looking at how to build the above line using ENV variables. It is
more a matter of how I do it than can I do it...
thanks for any advice
Bob
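
One way to build the subjectAltName line from environment variables, as asked at the end of the post, using the `${ENV::name}` expansion of the OpenSSL config format. This is an added example, not part of the original message and not OpenSSL's own code; the function names, the `SAN` variable, `san.cnf` and `Example Org` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; hostnames, addresses and file names are constructed.

# build_san TYPE:value ...  ->  "DNS:a, DNS:b, email:c"
# Accepts only DNS, email and IP entries and a conservative character set, so
# a stray comma, space or "$" cannot add extra names or config syntax.
build_san() {
    san=""
    for entry in "$@"; do
        case "$entry" in
            DNS:*|email:*|IP:*) ;;
            *) echo "unsupported SAN entry: $entry" >&2; return 1 ;;
        esac
        value=${entry#*:}
        case "$value" in
            ""|*[!A-Za-z0-9.@_:*-]*) echo "bad SAN value: $entry" >&2; return 1 ;;
        esac
        san="${san:+$san, }$entry"
    done
    [ -n "$san" ] || { echo "no SAN entries given" >&2; return 1; }
    printf '%s\n' "$san"
}

# write_cnf FILE: minimal request config with no commonName or emailAddress
# in the subject; OpenSSL reads the SAN value from the environment.
write_cnf() {
    cat > "$1" <<'EOF'
[ req ]
prompt             = no
distinguished_name = req_dn
req_extensions     = v3_req

[ req_dn ]
organizationName = Example Org

[ v3_req ]
subjectAltName = ${ENV::SAN}
EOF
}

# make_csr KEYFILE CSRFILE TYPE:value ...  (needs the openssl CLI)
make_csr() {
    key=$1; csr=$2; shift 2
    SAN=$(build_san "$@") || return 1; export SAN
    write_cnf san.cnf &&
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$key" -out "$csr" -config san.cnf
}
```

For example, `make_csr server.key server.csr DNS:www.example.com DNS:example.com DNS:localhost` for a server, or `make_csr user.key user.csr email:user@example.com` for a client. OpenSSL fails to load the config if `SAN` is not set in the environment, so the variable has to be exported before any command that reads `san.cnf`.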