[openssl-users] Subject CN and SANs

Felipe Gasper felipe at felipegasper.com
Sun Dec 23 02:38:18 UTC 2018


> On Dec 22, 2018, at 9:12 PM, Salz, Rich via openssl-users <openssl-users at openssl.org> wrote:
> 
> Putting the DNS name in the CN part of the subjectDN has been deprecated for a very long time (more than 10 years), although it is still supported by many existing browsers. New certificates should only use the subjectAltName extension.

Are any CAs actually doing that? I thought they all still included subject.CN.

-F


More information about the openssl-users mailing list