[openssl-users] Subject CN and SANs

Viktor Dukhovni openssl-users at dukhovni.org
Sun Dec 23 21:34:53 UTC 2018

> On Dec 23, 2018, at 4:29 PM, Kyle Hamilton <aerowolf at gmail.com> wrote:
> SubjectCN is an operational requirement of X.509, I believe.

You're confusing the DN and the CN.

>  It's not optional in the data structure, at any rate.

The subjectDN is not optional, but it can be empty sequence, and
is empty for domains whose name exceeds the CN length limit of either
63 or 64 characters (can't recall which of the two just now, but that
is not important).


More information about the openssl-users mailing list