Re: [openssl-users] Implementing deprecation of commonname and emailaddress

2017-08-17 Thread Erwann Abalea via openssl-users
> On 17 Aug 2017, at 17:36, Jeffrey Walton wrote: > > On Thu, Aug 17, 2017 at 11:34 AM, Erwann Abalea > wrote: >> >>> On 17 Aug 2017, at 17:26, Jeffrey Walton wrote: >>> > When you see a name like "example.com" in the CN, it's usually a CA > including a domain name and not a hostn

Re: [openssl-users] Implementing deprecation of commonname and emailaddress

2017-08-17 Thread Jeffrey Walton
On Thu, Aug 17, 2017 at 11:34 AM, Erwann Abalea wrote: > >> On 17 Aug 2017, at 17:26, Jeffrey Walton wrote: >> When you see a name like "example.com" in the CN, it's usually a CA including a domain name and not a hostname. >>> >>> That's nonsense. >> >> If a certificate is issued under

Re: [openssl-users] Implementing deprecation of commonname and emailaddress

2017-08-17 Thread Erwann Abalea via openssl-users
> On 17 Aug 2017, at 17:26, Jeffrey Walton wrote: > >>> When you see a name like "example.com" in the CN, it's usually a CA >>> including a domain name and not a hostname. >> >> That's nonsense. > > If a certificate is issued under CA/B policies, and CN=example.com but > it _lacks_ SAN=exampl

Re: [openssl-users] Implementing deprecation of commonname and emailaddress

2017-08-17 Thread Robert Moskowitz
Viktor, thanks for the reply. On 08/17/2017 11:15 AM, Viktor Dukhovni wrote: On Thu, Aug 17, 2017 at 12:56:20AM -0400, Jeffrey Walton wrote: Remove commonName and emailAddress completely from the cnf file. They no longer belong in any cert, root or intermediate CA certs, server or user certs.

Re: [openssl-users] Implementing deprecation of commonname and emailaddress

2017-08-17 Thread Jeffrey Walton
>> When you see a name like "example.com" in the CN, it's usually a CA >> including a domain name and not a hostname. > > That's nonsense. If a certificate is issued under CA/B policies, and CN=example.com but it _lacks_ SAN=example.com, then it's not a hostname and it should not be matched. I'm

Re: [openssl-users] Implementing deprecation of commonname and emailaddress

2017-08-17 Thread Viktor Dukhovni
On Thu, Aug 17, 2017 at 12:56:20AM -0400, Jeffrey Walton wrote: > > Remove commonName and emailAddress completely from the cnf file. They no > > longer belong in any cert, root or intermediate CA certs, server or user > > certs. > > CommonName is supplied for viewing by tools like certificate vie

Re: [openssl-users] Implementing deprecation of commonname and emailaddress

2017-08-17 Thread Robert Moskowitz
On 08/17/2017 12:56 AM, Jeffrey Walton wrote: On Thu, Aug 17, 2017 at 12:28 AM, Robert Moskowitz wrote: I have skimmed through a few RFCs following today's postings and a few web sites. It would seem to me that I should: Remove commonName and emailAddress completely from the cnf file. They

Re: [openssl-users] Implementing deprecation of commonname and emailaddress

2017-08-16 Thread Jeffrey Walton
On Thu, Aug 17, 2017 at 12:28 AM, Robert Moskowitz wrote: > I have skimmed through a few RFCs following today's postings and a few web > sites. It would seem to me that I should: > > Remove commonName and emailAddress completely from the cnf file. They no > longer belong in any cert, root or inte

[openssl-users] Implementing deprecation of commonname and emailaddress

2017-08-16 Thread Robert Moskowitz
I have skimmed through a few RFCs following today's postings and a few web sites. It would seem to me that I should: Remove commonName and emailAddress completely from the cnf file. They no longer belong in any cert, root or intermediate CA certs, server or user certs. For servers include s