Martin is correct. This is not well-formed cert as per RFC 5280:
4.1.2.4.Issuer
The issuer field identifies the entity that has signed and issued the
certificate.The issuer field MUST contain a non-empty distinguished
name (DN)
4.1.2.6.Subject
The subject field identifies the entity associated with the public
carried in the subject field and/or the subjectAltName extension.
We issued 5280bis in part to accommodate DANE's use of ss certs. Please
don't
provide examples that are obviously non-complaint relative to basic PKIX and
X.509 specs.
Steve
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
