minimum viable CSR?

Hubert Kario hkario at redhat.com
Wed Jul 15 11:16:14 UTC 2020


On Tuesday, 14 July 2020 21:18:53 CEST, Felipe Gasper wrote:
> Hello,
>
> 	I have domains whose length exceeds the commonName maximum. To 
> create a signing request for such a domain, then, I can’t put 
> the domain in the CSR’s subject.
>
> 	Assuming that I’m interested in just a DV certificate--such 
> that the CSR’s subject DN actually provides no useful 
> information--what would the minimum-viable subject look like 
> from the generation-via-OpenSSL side?

1. Common Name is not used for host names for quite a few years now
2. most commercial CAs completely ignore any data in the CSR but the public
   key
3. Subject DN can be empty, if that will be accepted by CA is up to CAs 
policy
-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic



More information about the openssl-users mailing list