minimum viable CSR?

Hubert Kario hkario at
Wed Jul 15 11:16:14 UTC 2020

On Tuesday, 14 July 2020 21:18:53 CEST, Felipe Gasper wrote:
> Hello,
> 	I have domains whose length exceeds the commonName maximum. To 
> create a signing request for such a domain, then, I can’t put 
> the domain in the CSR’s subject.
> 	Assuming that I’m interested in just a DV certificate--such 
> that the CSR’s subject DN actually provides no useful 
> information--what would the minimum-viable subject look like 
> from the generation-via-OpenSSL side?

1. Common Name is not used for host names for quite a few years now
2. most commercial CAs completely ignore any data in the CSR but the public
3. Subject DN can be empty, if that will be accepted by CA is up to CAs 
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

More information about the openssl-users mailing list