This has been discussed previously and my recollection is that multiple CNs are allowed as long as each one has a single entry from the subjectAlternativeName extension.
On Sun, Oct 29, 2017 at 11:42 AM, Hanno Böck via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > Hi, > > This certificate has a duplicate commonname: > https://crt.sh/?id=242683153&opt=problemreporting > > This was pointed out by Mattias Geniar: > https://twitter.com/mattiasgeniar/status/924705516974112768 > > I'm not entirely sure if the wording of the BRs forbid this (they say > the CN field must contain a single IP or fqdn, but don't really > consider the case that 2 CNs can be present), though this is > clearly malformed. > > I have informed telesec / Deutsche Telekom about this (this is > indirectly signed by them) via their contact form. > > I haven't checked if other such certificates exist. > > -- > Hanno Böck > https://hboeck.de/ > > mail/jabber: ha...@hboeck.de > GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
