subjectAltName 中的主要‘通用名称’？

Question 1

If a subjectAltName extension of type dNSName is present, that MUST
be used as the identity. Otherwise, the (most specific) Common Name
field in the Subject field of the certificate MUST be used. Although
the use of the Common Name is existing practice, it is deprecated and
Certification Authorities are encouraged to use the dNSName instead.

这意味着如果 subjectAltName 存在，CN 将被忽略，所以是的，您确实需要添加 foobox.grawity.tld 作为 subjectAltName 条目。

Answer

RFC 2818说：

If a subjectAltName extension of type dNSName is present, that MUST
be used as the identity. Otherwise, the (most specific) Common Name
field in the Subject field of the certificate MUST be used. Although
the use of the Common Name is existing practice, it is deprecated and
Certification Authorities are encouraged to use the dNSName instead.

这意味着如果 subjectAltName 存在，CN 将被忽略，所以是的，您确实需要添加 foobox.grawity.tld 作为 subjectAltName 条目。

Question 2

通常，客户端希望看到它正在查看的主机名与 subjectDN.CommonName 或 subjectAltName 之间的完全匹配。

Answer

通常，客户端希望看到它正在查看的主机名与 subjectDN.CommonName 或 subjectAltName 之间的完全匹配。

subjectAltName 中的主要‘通用名称’？

答案1

答案2

相关内容