[openssl-users] Wildcard: how are they correct?
Kyle Hamilton
aerowolf at gmail.com
Wed Oct 10 06:54:55 UTC 2018
If subjectAltName exists, CN= is not evaluated. All the given
examples should work. (The only exceptions are validators that
haven't been current for more than 20 years.) None of the examples is
correct. CN= should not even be included in the certificate. If it
is, (d) is the closest to correct, if "hello world" is replaced by
something meaningful to the identification or naming of the subject.
-Kyle H
On Tue, Oct 9, 2018 at 11:18 PM Walter H. <walter.h at mathemainzel.info> wrote:
>
> Hello,
>
> which of these possibilities is the correct one?
>
> (a) CN=*.example.com
> and subjectAltName = DNS:*.example.com, DNS:example.com
>
> (b) CN=example.com
> and subjectAltName = DNS:example.com, DNS:*.example.com
>
> (c) CN=example.com
> and subjectAltName = DNS:*.example.com, DNS:example.com
>
> (d) CN=hello world
> and subjectAltName = DNS:example.com, DNS:*.example.com
>
> Thanks,
> Walter
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
More information about the openssl-users
mailing list