On Fri, Apr 30, 1999 at 11:28:45AM +0100, Anthony Peacock wrote:
> It turns out the Netscape v4.06 or higher, requires that the CN (common
> name) of the certificate matches the DNS name of the server. I think this
> _is_ part of the standard, it is just that the other browsers don't complain.
>
> So if your URL is: https://secure.mydomain.com/
>
> the CN should be: secure.mydomain.com
Any browser should *complain* if the DNS name is not found as either
the CN or a subjectAltName in the certificate, but I don't think that
the error message saying that the certificate does not allow the kind
of operation it is used for can occur because of this. The browser
should notify the user that the certificate is not signed by an
accepted CA, and that the name does not match the URL, but it should
still offer the possibility to accept the certificate.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
