The semantics of subjectAltName depend on use. For example http://tools.ietf.org/html/rfc4945
On Tue, Oct 23, 2012 at 1:57 AM, Thomas <alth...@gmx.net> wrote: > Hey there, > > for openssl, is it necessary to include the CN in the subjectAltName field > if the latter one is present at all ? > > I would expect the answer to be 'no' because I would expect the CN and > subjectAltName field to be in a 'or' relation - so either one to match would > be sufficient. Openssl (1.0.0j) complains if the subjectAltName extension is > set and does not contain the CN. As expteced, it's all good if the extension > is missing since the CN correctly contains the host name. Also, it's working > propperly once I add the CN into the subjectAltName field but that's kind of > weird - isn't it ? > > Regards, > Thomas > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org