This has been discussed previously and my recollection is that multiple CNs are allowed as long as each one has a single entry from the subjectAlternativeName extension.
On Sun, Oct 29, 2017 at 11:42 AM, Hanno Böck via dev-security-policy <[email protected]> wrote: > Hi, > > This certificate has a duplicate commonname: > https://crt.sh/?id=242683153&opt=problemreporting > > This was pointed out by Mattias Geniar: > https://twitter.com/mattiasgeniar/status/924705516974112768 > > I'm not entirely sure if the wording of the BRs forbid this (they say > the CN field must contain a single IP or fqdn, but don't really > consider the case that 2 CNs can be present), though this is > clearly malformed. > > I have informed telesec / Deutsche Telekom about this (this is > indirectly signed by them) via their contact form. > > I haven't checked if other such certificates exist. > > -- > Hanno Böck > https://hboeck.de/ > > mail/jabber: [email protected] > GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
