On 23.12.2018 03:47, Salz, Rich via openssl-users wrote:
> >. New certificates should only use the subjectAltName extension.Are any CAs actually doing that? I thought they all still included subject.CN.Yes, I think commercial CA's still do it. But that doesn't make my statement wrong :)
Apache raises a warning at the following condition e.g. a virtual Host defines this: ServerName www.example.com:443 and the SSL certificate has a CN which does not correspond to CN=www.example.com, e.g. CN=example.com then the warning looks like this[Fri Dec 07 07:08:19.393876 2018] [ssl:warn] [pid 29746] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
and fills up the logs Walter
smime.p7s
Description: S/MIME Cryptographic Signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
