Certificate with no Subject
Hi!
Is it normal that you issue SSL certificates with a blank Subject?
Seems like I get some with and some without a Subject. Both have the correct SAN tho, so they work as normal, but just curious about this since I've never seen certificates with blank subjects before.
I also see at crt.sh that it seems to be a regular thing with your issuer https://crt.sh/?identity=%25&iCAID=49982&p=1&n=100
-
For DV SSL certificates it is usually only the Domain Name which is included as Subject information - in the Common Name (CN) field. However, the use of CN is deprecated according to Baseline Requirements (BR) and it is recommended to use SAN (only) for Domain Names - see section 7.1.4.2.2 of BR at https://cabforum.org .
If the Subscriber applies for a SSL certificate with Domain Name in the CSR CN, we will issue the Certificate with Subject CN=Domain Name, otherwise it will only be included in SAN only. And in the latter case, the Subject will be empty for a DV SSL certificate.
-
Difference is on client side then, I see it now, it's certbot generating the CSR without Subject. Nice to know, as I presume this will break old stuff validating hostname of certificate based on CN of Subject, should be fun to test this. Thanks for the information and the pointer to the BR, learning some stuff here 👍
And of course it seems like I can't read, because it is all mentioned here already https://community.buypass.com/t/x1j8vt/create-a-certificate-with-subject
