Somewhat OT: Empty SubjectAltName on server certificate (EAP-PEAP)
John Dennis
jdennis at redhat.com
Mon Apr 12 17:42:35 CEST 2010
On 04/12/2010 10:54 AM, Sergio Belkin wrote:
> Hi,
>
> I have a certificate with xpextensions but its "SubjectAltName" is empty.
>
> Is it mandatory, or is it only wrong when its content doesn't match the FQDN?
>
> Thanks in advance!
>

I believe you mean to say you have a certificate with x509 certificate
extensions. Do you mean there is a SubjectAltName extension present in
the certificate but its value is empty, or do you mean there is no
SubjectAltName in the certificate?

There are numerous x509 certificate extensions; SubjectAltName is just
one of the possibilities. Just because a cert has extensions does *not*
mean it needs to have SubjectAltName.

SubjectAltName needs to be present when the CN component of the
certificate subject does not match the FQDN of the server presenting the
cert; otherwise it is not necessary. As an aside, the SubjectAltName
still needs to be validated by some means.

--
John Dennis <jdennis at redhat.com>
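
The reply above separates three cases: no SubjectAltName extension, an extension whose value is empty, and an extension that carries names. The following is an added example, not part of the original post, that tells them apart in a DER-encoded certificate using only the Python standard library. The names `san_state`, `tlvs`, `der` and `sample_cert` and the host `radius.example.org` are hypothetical, and the sample input is a constructed skeleton rather than a real signed certificate.

```python
SAN_OID = bytes([0x55, 0x1D, 0x11])  # 2.5.29.17 subjectAltName

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf."""
    i = 0
    while i < len(buf):
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n & 0x80:  # long form: low 7 bits give the count of length bytes
            k = n & 0x7F
            n = int.from_bytes(buf[i:i + k], "big")
            i += k
        if i + n > len(buf):
            raise ValueError("truncated DER element")
        yield tag, buf[i:i + n]
        i += n

def san_state(cert_der):
    """Return ('absent', []), ('empty', []) or ('present', [dNSName, ...])."""
    (_, cert), = tlvs(cert_der)            # outer Certificate SEQUENCE
    _, tbs = next(tlvs(cert))              # first child is tbsCertificate
    for tag, val in tlvs(tbs):
        if tag != 0xA3:                    # [3] EXPLICIT holds the extensions
            continue
        (_, exts), = tlvs(val)
        for _, ext in tlvs(exts):
            fields = list(tlvs(ext))       # OID, optional critical flag, OCTET STRING
            if fields[0][1] != SAN_OID:
                continue
            (_, names), = tlvs(fields[-1][1])   # GeneralNames SEQUENCE
            dns = [v.decode("ascii") for t, v in tlvs(names) if t == 0x82]
            return ("present", dns) if names else ("empty", [])
    return ("absent", [])

def der(tag, *parts):
    """Encode one short-form DER element (enough for the constructed samples)."""
    body = b"".join(parts)
    if len(body) > 127:
        raise ValueError("sample encoder handles short lengths only")
    return bytes([tag, len(body)]) + body

def sample_cert(san_names=None):
    """Constructed skeleton (not a signed cert): serial number plus extensions."""
    exts = [der(0x30, der(0x06, bytes([0x55, 0x1D, 0x13])), der(0x04, der(0x30)))]
    if san_names is not None:
        names = der(0x30, *[der(0x82, n.encode()) for n in san_names])
        exts.append(der(0x30, der(0x06, SAN_OID), der(0x04, names)))
    tbs = der(0x30, der(0x02, b"\x01"), der(0xA3, der(0x30, *exts)))
    return der(0x30, tbs)
```
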