> On Jul 15, 2020, at 7:16 AM, Hubert Kario <hka...@redhat.com> wrote:
>
> On Tuesday, 14 July 2020 21:18:53 CEST, Felipe Gasper wrote:
>> Hello,
>>
>> I have domains whose length exceeds the commonName maximum. To create a
>> signing request for such a domain, then, I can’t put the domain in the CSR’s
>> subject.
>>
>> Assuming that I’m interested in just a DV certificate--such that the
>> CSR’s subject DN actually provides no useful information--what would the
>> minimum-viable subject look like from the generation-via-OpenSSL side?
>
> 1. Common Name is not used for host names for quite a few years now
> 2. most commercial CAs completely ignore any data in the CSR but the public
> key
> 3. Subject DN can be empty, if that will be accepted by CA is up to CAs policy
Making subject DN empty is what I was struggling with but eventually found a
syntax that works.
Thank you!
-F
