Hi, we need to issue a certificate for www.gueñes.eus<http://www.gueñes.eus>. According to CABForum requirements, the dnsName, if included in the CN, must match the SAN of the certificate. Our problem is that according to RFC5280 the dnsName in the SAN must be encoded with IA5String, and can't include not ASCII 7-bits characters (like 'ñ'). If we encode the CN using UTF-8 (www.gueñes.eus<http://www.gueñes.eus>) and the SAN using IA5String (www.xn--guees-qta.eus<http://www.xn--guees-qta.eus>), then tools like zlint or https://misissued.com/batch/1/ don't accept them as valid, because they see them as different names (www.gueñes.eus<http://www.gueñes.eus> in CN vs www.xn--guees-qta.eus<http://www.xn--guees-qta.eus> in SAN). Shall we issue the CN as www.xn--guees-qta.eus<http://www.xn--guees-qta.eus> like the SAN, or can we have different values between CN and SAN?
Thanks .eus gara ! horregatik orain nire helbide elektronikoa da: por eso mi dirección de correo electrónico ahora es: [email protected]<mailto:[email protected]> Oscar García CISSP, CISM [Descripción: Descripción: firma_email_Izenpe_eus] ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ! ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente. [Descripción: cid:[email protected]]
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
