Hi Andy, > -----Original Message----- > From: Andy GOKTAS > > I'm generating a CSR and need to include subjectAltNames (about 6 of > them). > > I remember reading (but I could be dreaming) a while back > that you MUST > include your CN in the subjectAltName list - and it should be listed > first in the subjectaltname list, otherwise it won't work; or you will > experience issues. > > Is this true?
no, this is not true. I assume you're talking about a server certificate. The question you have to ask yourself is: Which clients/browsers do I want to support. And then you can check yourself how they behave if you don't add the hostname contained in the cn to the list of subjectAltNames. If I remember correctly, the last time I checked this, Opera required the cn's hostname additionally in a subjectAltName extension. But this is 6 years ago, and my memory could be at fault... HTH, Patrick Eisenacher ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
