> >. New certificates should only use the subjectAltName extension.
>Are any CAs actually doing that? I thought they all still included
> subject.CN.
Yes, I think commercial CA's still do it. But that doesn't make my statement
wrong :)
--
openssl-users mailing list
To
> On Dec 22, 2018, at 9:12 PM, Salz, Rich via openssl-users
> wrote:
>
> Putting the DNS name in the CN part of the subjectDN has been deprecated for
> a very long time (more than 10 years), although it is still supported by many
> existing browsers. New certificates should only use the
Putting the DNS name in the CN part of the subjectDN has been deprecated for a
very long time (more than 10 years), although it is still supported by many
existing browsers. New certificates should only use the subjectAltName
extension.
--
openssl-users mailing list
To unsubscribe:
It shouldn’t matter. Technically subject.CN is deprecated anyway, but all the
CAs still create it.
-FG
> On Dec 22, 2018, at 4:29 PM, Walter H. wrote:
>
> Hello,
>
> I found several different certificates on the net
>
> some are like this:
>
> CN=example.com
> SANs areDNS:example.com,
Hello,
I found several different certificates on the net
some are like this:
CN=example.com
SANs areDNS:example.com, DNS:www.example.com
and some are like this:
CN=www.example.com
SANs areDNS:example.com, DNS:www.example.com
does this matter or is one them the preferred one?