Questions tagged [san]

SubjectAltName is an extension field in an X.509 certificate that allows the inclusion of alternate names for the certificate holder, such as domain names, email addresses, etc.

The san tag should be applied to questions that are specifically about the SubjectAltName extension. It should normally be used in conjunction with the certificates tag.

24 questions

votes

1 answer

SSL Cert SAN field

I'm not really sure exactly how to ask this, but I'll try my best. I have two SSL certs, and I'm tyring to figure out if I accidentally invalidated one of them. Cert 1 was just renewed, and issued to www.mydomain.com in the CNAME. This cert included…

tls certificates san

asked Mar 23 '21 at 16:50

mituw16

votes

1 answer

OpenSSL GENERAL_NAME:bad ip address set in [alt_names]

I am getting this error in my device: javax.net.ssl.SSLException: hostname in certificate didn't match: != So I did some research and found I could set alternative IP address in an OpenSSL…

openssl san

asked Oct 09 '20 at 18:27

Adam Paul

votes

1 answer

CA cert with many Subject Alternative Name (SAN) entries, versus individual certs in public production?

I'm looking into creating a CA certificate strategy where i work. And i was wondering if anyone had any points of interest to raise around the difference of a model where our .com and key subdomains use the same cert with SAN entries... versus each…

certificates certificate-authority san

asked Oct 08 '20 at 09:43

hiburn8

votes

0 answers

SAN is getting replaced into CSR with CA's SAN

I am using the following command to create a certificate sign request file. openssl.exe req -new -key clinetkey.pem -out client.csr" -config client_cacert.cnf where client_cacert.cnf has the following content [ req ] default_bits = 4096 default_md…

certificates openssl x.509 san

asked Sep 17 '20 at 14:11

Neeraj Bansal

votes

1 answer

Error Loading extension 'copy_extensions' in Openssl

While running the following command on Ubuntu 19.10, with OpenSSl 1.1.1c 28 May 2019: openssl req -config ${CNF_FILE} -key ${PRIVATE_FILE} -new -x509 -days 10950 -sha384 -extensions v3_ca -out ${CERT_FILE} I receive the following output: Error…

tls certificate-authority openssl self-signed san

asked Jun 29 '20 at 19:20

jj_inno

votes

2 answers

How do cert authorities set and determine subjectAltNames if not provided by end user?

Let's say as an end user I generate a CSR (for a server cert) to send over to a CA and I don't include a subject alternative name. How or what would they do in order to include that information on the server certificate they send back? Or would they…

tls certificate-authority openssl san

asked Aug 17 '18 at 19:50

mac92

votes

1 answer

Certificate SAN Disclosure. How harmful can it be?

My daily job duties brought me (by mistake) to the following IP: 52.63.96.32 It appears the registrar has signed with a single certificate a "lot" of domain. https://www.shodan.io/host/52.63.96.32 Am am right to assume that: This is information…

tls aws san

asked Feb 13 '18 at 04:11

Florian Bidabé

votes

1 answer

DNS hijacking and Subject Alternative Names

My website is published on Google's Firebase Hosting. I own the domain. Google provision an SSL certificate (lately from Lets Encrypt, it used to be someone else). The certificate is shared between several domains using Subject Alternative Names. I…

tls http man-in-the-middle dns san

asked Jul 07 '17 at 15:42

Colonel Panic

2,214
2
22
23

-1

votes

1 answer

SSL Certificate Subject Alternative Name Information Disclosure

I'd appreciate if someone could shed some lights on the subject findings. Is this a security problem having bank.com appearing on the SAN? Hostname was discovered in the Subject Alternative Name (SAN) of the certificate presented by the service.

certificates san

asked Oct 10 '18 at 19:19

Shabir

Prev 1