> The controlling standard is not RFC 3280, or in fact any of the RFCs. It is > X.509, available from http://www.itu.int/. (You can get the latest ratified > edition for no cost.) If its a server certificate issued by a CA intended to be consumed by browsers (or other related services), then the CA likely issued under the CA/Browser Forums Baseline Requirements and EV Guide; not RFCs like 5280 and 6125.
You can find them at http://cabforum.org/baseline-requirements-documents/ and http://cabforum.org/extended-validation-2/. Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org