Forum Discussion
2 Replies
Sort By
if the CN is the same as the DNS= in the SAN field then there isn't really a good reason i can think of.
usually you have the one hostname in CN and several others in the SAN field as DNS= and perhaps some as IP=
but again, if they are the same between the DNS= in SAN and CN then that probably is a template thing and of no actual use.
- David__PaschAltostratus
Are the certs being issued from different CAs?
I think most big public CA SSL certs will have the FQDN(one or all) listed completely in the SAN section. The ones I work with do. If the SAN section exists, the clients should be ignoring the CN field. Additionally, the CN field is deprecated, despite current usage, and many apps/browsers are moving to only look at the SAN field.
Good Luck!