We recently encountered a reoccurring scenario while using .well-known to validate a certificate. The customer is trying to validate basedomain.com using http://basedomain.com/.well-known/pki-validation/[page <http://basedomain.com/.well-known/pki-validation/%5bpage> ]. However, the server redirects this to https://www.basedomain.com/.well-known.pki-valdiation/[page <https://www.basedomain.com/.well-known.pki-valdiation/%5bpage> ] Because basedomain.com cannot be used to verify www.basedomain.com <http://www.basedomain.com> , the validation fails. Is this the correct result? Or is a returned random value through a re-direct sufficient to verify the base domain?
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
