m (→OCSP) |
|||
Line 81: | Line 81: | ||
=== DNS names go in SAN === | === DNS names go in SAN === | ||
Some CAs mistakenly believe that one primary DNS name should go into the Subject Common Name and all the others into the SAN. | Some CAs '''mistakenly''' believe that one primary DNS name should go into the Subject Common Name and all the others into the SAN. | ||
According to the [https://www.cabforum.org/documents.html CA/Browser Forum Baseline Requirements:] | |||
* BR #9.2.1, Subject Alternative Name Extension | |||
** Required/Optional: '''Required''' | |||
** Contents: This extension MUST contain at least one entry. Each entry MUST be either a dNSName containing the Fully-Qualified Domain Name or an iPAddress containing the IP address of a server. | |||
* BR #9.2.2, Subject Common Name Field | |||
** Required/Optional: '''Deprecated (Discouraged, but not prohibited)''' | |||
** Contents: If present, this field MUST contain a single IP address or Fully-Qualified Domain Name that is one of the values contained in the Certificate’s subjectAltName extension (see Section 9.2.1). | |||
=== Domain owned by a Natural Person === | === Domain owned by a Natural Person === |
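Review bot: The BR #9.2.1 and #9.2.2 citations added under "DNS names go in SAN" do not say which version of the Baseline Requirements they quote, and the link points at the general documents page rather than a specific document, so a reader cannot confirm the section numbers or wording; name the version next to the link. The added bullets also stop short of the conclusion the section argues for: add one sentence stating that every DNS name, including the one placed in the Subject Common Name, must also appear in the SAN, since that is what the quoted "one of the values contained in the Certificate's subjectAltName extension" requires. Style point: the trailing colon sits inside the link label ("Baseline Requirements:]") and should move outside the bracket. The edit summary reads "m (→OCSP)", yet this hunk adds seven lines under a different heading, so the summary and the minor-edit flag do not describe the change shown here.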