Details
-
Task
-
Resolution: Duplicate
-
Major - P3
-
None
-
None
-
None
-
None
Description
Per Ricardo:
For example, according to RFC 6125, hostname verification should be done against the certificate’s subjectAlternativeName’s dNSName field and not the CN (https://tools.ietf.org/html/rfc6125#section-1.5). it is possible to add the proper extensions using the OpenSSL commands and configuration.
Additionally, we should show the proper OpenSSL commands for making a certificate request and sign it using a CA or an intermediate authority instead of a self-sign certificate which is not a common practice for enterprise deployments.