Subject Alternative Name
From HandWiki
Short description: Allows various names to be associated with a security certificate
An example of a Subject Alternative Name section for domain names owned by the Wikimedia Foundation
Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field.[1] These values are called Subject Alternative Names (SANs). Names include:[2]
- Email addresses
- IP addresses
- URIs
- DNS names: this is usually also provided as the Common Name RDN within the Subject field of the main certificate.
- Directory names: alternative Distinguished Names to that given in the Subject.
- Other names, given as a General Name or Universal Principal Name: a registered object identifier followed by a value.
RFC 2818 (May 2000) specifies Subject Alternative Names as the preferred method of adding DNS names to certificates, deprecating the previous method of putting DNS names in the commonName field.[3] Google Chrome version 58 (March 2017) removed support for checking the commonName field at all, instead only looking at the SANs.[3]
See also
References
- ↑ "x509v3_config - X509 V3 certificate extension configuration format". OpenSSL. https://www.openssl.org/docs/manmaster/man5/x509v3_config.html#Subject-Alternative-Name.
- ↑ RFC 5280: 4.2.1.6. Subject Alternative Name
- ↑ 3.0 3.1 Medley, Joseph (March 2017). "Deprecations and Removals in Chrome 58". Google Developers. https://developers.google.com/web/updates/2017/03/chrome-58-deprecations#remove_support_for_commonname_matching_in_certificates.
 |  |
