

CA/Required or Recommended Practices

809 bytes added, 18:58, 1 September 2010
DNS names go in SAN
Some CAs mistakenly believe that one primary DNS name should go into the Subject Common Name and all the others into the SAN. That's wrong. ALL should go into the SAN.
=== Domain owned by a Natural Person ===
'''Proposal from Viktor Varga:''' ''the exception when a natural person owns a domain name is not handled in any RFC. It's right that putting the DNS name in the CN is a deprecated solution, but the usage of the DNS name in the CN field is still popular. The question is how to display a natural person in a certificate. In EV it is solved, because EV can be bought only by organisations. CN can't be used, and the O field means organisation, not individual.''
If a domain name is owned by a natural person, and the person wants to get a certificate, then after successful validation of the natural person's parameters, the information about the person should be included in these fields:
* O = name of the person in the form it's displayed on the person's ID
* OU = the string "natural person"
=== OCSP ===