[openssl-users] Subject CN and SANs
Kyle Hamilton
aerowolf at gmail.com
Sun Dec 23 21:29:42 UTC 2018
SubjectCN is an operational requirement of X.509, I believe. It's not
optional in the data structure, at any rate.
-Kyle H
On Sun, Dec 23, 2018 at 9:22 AM Michael Richardson <mcr at sandelman.ca> wrote:
>
>
> Salz, Rich via openssl-users <openssl-users at openssl.org> wrote:
> > Putting the DNS name in the CN part of the subjectDN has been
> > deprecated for a very long time (more than 10 years), although it
> > is still supported by many existing browsers. New certificates
> > should only use the subjectAltName extension.
>
> Fair enough.
>
> It seems that the "openssl ca" mechanism still seem to want a subjectDN
> defined. Am I missing some mechanism that would let me omit all of that? Or
> is a patch needed to kill what seems like a current operational requirement?
>
> --
> ] Never tell me the odds! | ipv6 mesh networks [
> ] Michael Richardson, Sandelman Software Works | IoT architect [
> ] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
More information about the openssl-users
mailing list