On 08/16/2017 01:49 PM, Lonnie Olson wrote:
> On Wed, Aug 16, 2017 at 1:28 PM, Michael Torrie <[email protected]> wrote:
>> If you need to have more than one name (hostname) on a certificate, the
>> mechanism is the "subject alternate name" field. This is supported by
>> most browsers, most ssl clients, and you can sign such certs using Let's
>> Encrypt, which supports SAN. Not all registrars let you sign a cert with
>> SANs.
>
> Considering that Google Chrome specifically requires a SAN on certificates
> [1], I imagine that all certificate authorities support SANs.
>
> 1. https://support.google.com/chrome/a/answer/7391219?hl=en

Good to know. At one time a free cert provider (now defunct and has been dropped from all major browsers) would certainly not sign a cert with more than one SAN for sure.

I suppose if I were big brother and were trying to track down illicit internet use I probably would look at the cert and see if the SANs listed any suspicious hostnames like vpn!
