Most browsers (Chrome, Opera, Vivaldi, Firefox) do NOT care about the subject line CN if the certificate is a SAN certificate.
Take this self-signed certificate for various 1plus1eq2.com web sites. It has the following Alt.Names installed in the certificate.
Take note of the duplicate alternate name, btw ;)
This certificate, when loaded against a web site and once enabled, will load with no certificate error when using any one of the alternate names, which is all good and normal.
The CN for the certificate was simply labeled as "tstupidcname".
[Screenshots: Alt.Name list; Chrome, Firefox, Vivaldi, Safari]
If you try to load the site using the CN, with Firefox for example, it will throw an error and even tell you that the certificate protects the sites listed in the Alt.Name section.
cool ;)
So what you need to understand is that for any issued X.509v3 certificate that has the Alt.Name extension, "the web browser will ignore the CN field in the subject line and will NOT fall back to that CN".
Chrome also shows an error if you try to use the CN:
But look here: Safari 10.1.2 loads the site with no error when using the CN.
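The two behaviours described above, as an added example that is not part of the original post: a hostname check over a dict shaped like the output of Python's `ssl.SSLSocket.getpeercert()`. The SAN host names are constructed for illustration (the post's own list was in a screenshot); only the CN and the domain come from the post, and `also_check_cn` is a hypothetical switch that models the lenient result reported for Safari 10.1.2.

```python
# Constructed certificate data; only the CN and the domain are taken from the post.
CERT = {
    "subject": ((("commonName", "tstupidcname"),),),
    "subjectAltName": (
        ("DNS", "www.1plus1eq2.com"),
        ("DNS", "mail.1plus1eq2.com"),
        ("DNS", "www.1plus1eq2.com"),  # duplicate entry, as noted in the post
    ),
}


def _name_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        head, _, tail = h.partition(".")  # wildcard covers exactly one label
        return bool(head) and tail == p[2:]
    return p == h


def san_dns_names(cert):
    """dNSName entries of the subjectAltName extension, duplicates removed."""
    return sorted({v for k, v in cert.get("subjectAltName", ()) if k == "DNS"})


def common_names(cert):
    """Every commonName attribute found in the subject."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def host_matches(cert, host, also_check_cn=False):
    """Return (ok, names_checked).

    Default (strict): only SAN dNSName entries are checked and the CN is ignored,
    which is the behaviour the post shows for Chrome and Firefox.
    also_check_cn=True: the CN is checked as well, the lenient result the post
    reports for Safari 10.1.2.
    """
    names = san_dns_names(cert)
    if also_check_cn:
        names = names + common_names(cert)
    return any(_name_match(n, host) for n in names), names


if __name__ == "__main__":
    for host in ("www.1plus1eq2.com", "tstupidcname"):
        print(host, host_matches(CERT, host)[0], host_matches(CERT, host, True)[0])
```

When auditing a client or library, the strict path is the one to expect: a certificate whose only match is the CN should fail validation whenever a SAN extension is present.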
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \