Forum Discussion

mkeenan_289714's avatar
mkeenan_289714
Icon for Nimbostratus rankNimbostratus
Nov 08, 2016

SSL Certificate CSR Subject Alternative Names "DNS="

Hello, I have seen some certificates with something equivalent to "DNS=website.com" in the subject alternative name with the common name value being "website.com" and some certificates with nothing in the subject alternative field. What is the point of the "DNS=website.com" being in the subject alternative field?

 

2 Replies

  • if the CN is the same as the DNS= in the SAN field then there isn't really a good reason i can think of.

     

    usually you have the one hostname in CN and several others in the SAN field as DNS= and perhaps some as IP=

     

    but again, if they are the same between the DNS= in SAN and CN then that probably is a template thing and of no actual use.

     

  • Are the certs being issued from different CAs?

     

    I think most big public CA SSL certs will have the FQDN(one or all) listed completely in the SAN section. The ones I work with do. If the SAN section exists, the clients should be ignoring the CN field. Additionally, the CN field is deprecated, despite current usage, and many apps/browsers are moving to only look at the SAN field.

     

    Good Luck!