Re: [openssl-users] Subject CN and SANs

2018-12-22 Thread Salz, Rich via openssl-users
> >. New certificates should only use the subjectAltName extension. >Are any CAs actually doing that? I thought they all still included > subject.CN. Yes, I think commercial CA's still do it. But that doesn't make my statement wrong :) -- openssl-users mailing list To

Re: [openssl-users] Subject CN and SANs

2018-12-22 Thread Felipe Gasper
> On Dec 22, 2018, at 9:12 PM, Salz, Rich via openssl-users > wrote: > > Putting the DNS name in the CN part of the subjectDN has been deprecated for > a very long time (more than 10 years), although it is still supported by many > existing browsers. New certificates should only use the

Re: [openssl-users] Subject CN and SANs

2018-12-22 Thread Salz, Rich via openssl-users
Putting the DNS name in the CN part of the subjectDN has been deprecated for a very long time (more than 10 years), although it is still supported by many existing browsers. New certificates should only use the subjectAltName extension. -- openssl-users mailing list To unsubscribe:

Re: [openssl-users] Subject CN and SANs

2018-12-22 Thread Felipe Gasper
It shouldn’t matter. Technically subject.CN is deprecated anyway, but all the CAs still create it. -FG > On Dec 22, 2018, at 4:29 PM, Walter H. wrote: > > Hello, > > I found several different certificates on the net > > some are like this: > > CN=example.com > SANs areDNS:example.com,

[openssl-users] Subject CN and SANs

2018-12-22 Thread Walter H.
Hello, I found several different certificates on the net some are like this: CN=example.com SANs areDNS:example.com, DNS:www.example.com and some are like this: CN=www.example.com SANs areDNS:example.com, DNS:www.example.com does this matter or is one them the preferred one?