minimum viable CSR?
Hubert Kario
hkario at redhat.com
Wed Jul 15 11:16:14 UTC 2020
On Tuesday, 14 July 2020 21:18:53 CEST, Felipe Gasper wrote:
> Hello,
>
> I have domains whose length exceeds the commonName maximum. To
> create a signing request for such a domain, then, I can’t put
> the domain in the CSR’s subject.
>
> Assuming that I’m interested in just a DV certificate--such
> that the CSR’s subject DN actually provides no useful
> information--what would the minimum-viable subject look like
> from the generation-via-OpenSSL side?
1. Common Name is not used for host names for quite a few years now
2. most commercial CAs completely ignore any data in the CSR but the public
key
3. Subject DN can be empty, if that will be accepted by CA is up to CAs
policy
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
More information about the openssl-users
mailing list