minimum viable CSR?

Felipe Gasper felipe at felipegasper.com
Wed Jul 15 11:19:31 UTC 2020



> On Jul 15, 2020, at 7:16 AM, Hubert Kario <hkario at redhat.com> wrote:
> 
> On Tuesday, 14 July 2020 21:18:53 CEST, Felipe Gasper wrote:
>> Hello,
>> 
>> 	I have domains whose length exceeds the commonName maximum. To create a signing request for such a domain, then, I can’t put the domain in the CSR’s subject.
>> 
>> 	Assuming that I’m interested in just a DV certificate--such that the CSR’s subject DN actually provides no useful information--what would the minimum-viable subject look like from the generation-via-OpenSSL side?
> 
> 1. Common Name is not used for host names for quite a few years now
> 2. most commercial CAs completely ignore any data in the CSR but the public
>  key
> 3. Subject DN can be empty, if that will be accepted by CA is up to CAs policy

Making subject DN empty is what I was struggling with but eventually found a syntax that works.

Thank you!

-F


More information about the openssl-users mailing list