[openssl-users] Subject CN and SANs

Michael Richardson mcr at sandelman.ca
Sun Dec 23 15:21:41 UTC 2018

Salz, Rich via openssl-users <openssl-users at openssl.org> wrote:
    > Putting the DNS name in the CN part of the subjectDN has been
    > deprecated for a very long time (more than 10 years), although it
    > is still supported by many existing browsers. New certificates
    > should only use the subjectAltName extension.

Fair enough.

It seems that the "openssl ca" mechanism still seem to want a subjectDN
defined.  Am I missing some mechanism that would let me omit all of that?  Or
is a patch needed to kill what seems like a current operational requirement?

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181223/04d6790f/attachment-0001.sig>

More information about the openssl-users mailing list