minimum viable CSR?
Felipe Gasper
felipe at felipegasper.com
Wed Jul 15 11:19:31 UTC 2020
> On Jul 15, 2020, at 7:16 AM, Hubert Kario <hkario at redhat.com> wrote:
>
> On Tuesday, 14 July 2020 21:18:53 CEST, Felipe Gasper wrote:
>> Hello,
>>
>> I have domains whose length exceeds the commonName maximum. To create a signing request for such a domain, then, I can’t put the domain in the CSR’s subject.
>>
>> Assuming that I’m interested in just a DV certificate--such that the CSR’s subject DN actually provides no useful information--what would the minimum-viable subject look like from the generation-via-OpenSSL side?
>
> 1. Common Name is not used for host names for quite a few years now
> 2. most commercial CAs completely ignore any data in the CSR but the public
> key
> 3. Subject DN can be empty, if that will be accepted by CA is up to CAs policy
Making subject DN empty is what I was struggling with but eventually found a syntax that works.
Thank you!
-F
More information about the openssl-users
mailing list