Everywhere I read says to have the server hostname in the commonName field and the subjectAltName field. The problem is that the hostname that I want to sign has greater than 64 characters. Therefore, the hostname won't fit in that field. I have seen sites such as this which even say that it is a security vulnerability not to have the hostname as the commonName. How should I do this?
2 Answers
0
Check this RFC:
These previous questions on Stack Overflow:
- certificate-subject-x-509
- what-strings-are-allowed-in-the-common-name-attribute-in-an-x-509-certificate
As for a workaround, you can set a short CNAME entry in your DNS.
That won't work: the reason being that the hostname is a sha2 hash, I can't shorten it without losing meaning. – chacham15 Apr 14 '13 at 08:42
0
The answer is that the cname is only an alternate. The cname and the SAN don't have to match.

chacham15
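The following is an added example, not code from the original posts. It applies the RFC 5280 upper bound of 64 characters on commonName and an RFC 6125-style check in which dNSName SAN entries decide the match and commonName is only a fallback; `plan_names`, `verify_hostname`, the `long-name-host` label and the sample hostname are constructed for illustration.

```python
import hashlib

UB_COMMON_NAME = 64    # RFC 5280 upper bound (ub-common-name) on commonName
MAX_DNS_LABEL, MAX_DNS_NAME = 63, 253   # DNS limits that still apply to a SAN dNSName


def plan_names(hostname, fallback_cn="long-name-host"):
    """Return (commonName, [SAN dNSNames]) for a certificate request.

    fallback_cn is a hypothetical descriptive label used when the hostname
    does not fit in commonName; it plays no part in the identity check below.
    """
    if len(hostname) > MAX_DNS_NAME or any(
            not 0 < len(label) <= MAX_DNS_LABEL for label in hostname.split(".")):
        raise ValueError("not a valid DNS name")
    cn = hostname if len(hostname) <= UB_COMMON_NAME else fallback_cn
    return cn, [hostname]


def _label_match(pattern, hostname):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def verify_hostname(cert, hostname):
    """Check hostname against a dict shaped like ssl.SSLSocket.getpeercert().

    dNSName SAN entries decide the result; commonName is consulted only
    when the certificate carries no dNSName SAN at all (RFC 6125 ordering).
    """
    dns_sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if dns_sans:
        return any(_label_match(name, hostname) for name in dns_sans)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_label_match(name, hostname) for name in cns)


# Constructed sample: a SHA-224 (SHA-2 family) hex digest as the host label.
LONG_HOST = hashlib.sha224(b"constructed sample").hexdigest() + ".example.com"
CN, SANS = plan_names(LONG_HOST)
CERT = {"subject": ((("commonName", CN),),),
        "subjectAltName": tuple(("DNS", n) for n in SANS)}
```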