On Thursday, September 17, 2015 at 2:34:41 PM UTC-4, jean-pierre.muench wrote: > > Yay, a well-trusted certificate :) > > May I ask if it's by design that there's no CN for the certificate? > (Didn't even know this is possible :O ) >
Yeah, that one was new to me, too. I tried to recall if a CN was optional in PKIX or CA/B Baseline Requirements, but I'm getting old, and factoids like that have faded away. I'll have to look it up when I get back into RFC 5280 or the CA/B BR. The CSR included "Crypto++ Project" as the CN. I always use a friendly name when possible because tools like certificate.msc and other viewers display it for the user. I think what happened was I asked to avoid DNS names in the CN (both PKIX and CA/B BR deprecate the practice), and that may have gotten translated into no CN. I suspect its due to a technical limitation in the workflows because some hand tuning occurred. Or maybe it was the double plus sign, and fear of breaking user agents and shell scripts that parse the name. Wouldn't that be a cool little research project... You might get invited to give a talk at BlackHat for that one. May I also ask for default-forward to HTTPS when visiting cryptopp.com? > How do we set that up? If its Apache, then I should be able to make the change. If its DNS, then I probably can't make the change because of account access limitations. Also, a low priority item is to get the visitor counter GIF working under HTTPS. Its only served over HTTP (from www.histats.com), so its a mixed content item. I was thinking we could just host the script or CGI ourselves. Jeff -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
