IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [san]

SubjectAltName is an extension field in an X.509 certificate that allows the inclusion of alternate names for the certificate holder, such as domain names, email addresses, etc.

The tag should be applied to questions that are specifically about the SubjectAltName extension. It should normally be used in conjunction with the tag.

24 questions
14
votes
1 answer

Are certificate sans case sensitive

Creating a certificate request for my exchange server I am wondering if sans and CNs are case sensitive?
kimo pryvt
  • 469
  • 4
  • 6
  • 12
8
votes
2 answers

Add a San(Subject Alternative Name) to already existing cert?

So we have a system that generates a key for every server signed by the company CA. I need to add a SAN to it but don't really have access to the CSR. Is there anyway to add a SAN? Maybe generate another cert in the chain so I can use the CA and…
Biff
  • 203
  • 1
  • 2
  • 4
6
votes
1 answer

Chrome requires SAN names in Certificate. When will other browsers (IE) follow?

Chrome requires SSL Certificates to list the site name(s) in the subject alternative name (SAN) to be trusted. Usage of common name only is not seen as secure enough, and will result in a certificate validation error in Chrome. We are in the proces…
oɔɯǝɹ
  • 528
  • 2
  • 6
  • 18
4
votes
2 answers

Multiple, different sites on same server. Individual SSL certificates for each or SAN certificate?

On a server containing multiple unrelated sites what is the best solution, in general, for applying SSL security to each site? Individual certificates for each site or a SAN certificate?
javy
  • 141
  • 2
3
votes
1 answer

Same SAN listed in different certificates, both valid at the same time?

I am implementing a multi-master highly available service, which is deployed on two different machines. There is also third machine. It doesn't do anything other than cross-monitoring the cluster and being third voter for a quorum, so there are no…
Nikita Kipriyanov
  • 133
  • 1
  • 6
2
votes
1 answer

What is the security advantage of requiring the CN to be in the SAN list?

For quite a while, it has been common that the CN of a web server certificate also needs to be present in the SAN list, and new versions of browsers enforce this. So, if my CN is www.example.com, and the SAN has only example.com, browsers will…
Guntram Blohm
  • 1,529
  • 11
  • 13
2
votes
1 answer

Ramifications of including "localhost" in the subject alternative field of a x509 certificate?

Are we inviting any problems if we add localhost and 127.0.0.1 to the subject alternative name field of an x509 certificate? We are still trusting the appropriate root CA, but relaxing the rules of the name just a bit.
salparadise
  • 123
  • 3
2
votes
1 answer

Is there a risk associated with to many entries in your SAN list?

Is there any risk associated with having lots of websites in your SAN list? For instance: Or is this common among website hosts, and possibly safe?
AncientSwordRage
  • 1,925
  • 4
  • 17
  • 19
2
votes
1 answer

What are OIDs in the context of this keytool command?

I'm in the process of setting up a 3rd party plugin to Elasticsearch called Search Guard which requires also Search Guard SSL. While setting up Search Guard SSL, you're required to set up several keystores and SSL certificates. Several scripts are…
slm
  • 245
  • 5
  • 15
2
votes
1 answer

What is the risk of data being recovered from SAN storage after logical deletion?

The specific scenario involves Linux servers on VMware hosts with SAN storage. If files containing sensitive data are deleted by Linux, can they be recovered by a low level tool similar to what might be done with local storage? I think there are a…
JaimeCastells
  • 1,156
  • 1
  • 9
  • 16
1
vote
1 answer

getting no subject alternative name present exception when the csr shows that the SANs are present

I am trying to setup ssl for grpc but no matter what I try I get a no subject alternative name present. I've verified the SANs are in the certificate signing request. The common name and also a SAN are the ip addr. I am trying to connect using the…
Jeff Gaer
  • 131
  • 3
1
vote
2 answers

Are SAN IP addresses / DNS names useless in self signed certificates by untrusted CAs?

I want to generate a self signed certificate for temporary local testing of a web service via HTTPS. I don't want to install the CA though, because the self signed certificate is generated on the fly with each start of the web service and I'd have…
phlow
  • 11
  • 1
1
vote
1 answer

Subject Alt Name certs

Is it ok to specify subdomains in certificates that support SAN. For example base domain is example.com and I want a.example.com, b.example.com, and c.example.com to be included? What is the primary purpose of SANs?
user3448600
  • 259
  • 1
  • 2
  • 7
0
votes
1 answer

Connection problems with common name as domain

I was exploring SAN certs and was able to connect to the machine with domains specified in the SAN fields during CSR creation. But I was unable to connect to the machine with the common name specified in the CSR. Below error is what I get on…
SandMan
  • 1
  • 1
0
votes
1 answer

Multi Domain SAN or single SSL certificate

I want to use a multi-domain SAN certificate for 5 of my public-facing domains. All of these domains point to the same ingress server (SSL is terminated at the load balancer), but the backend processing for each may be different. Is SAN is a good…
ab-ha-y
  • 3
  • 2
1
2