 |
 |
Hi, your step 1) is a bit too restrictive. It's not mandatory to have subjectAltNames (SANs) in a hostcert, but if they are there, they MUST match. If there is no SAN, then the most specific CN field MUST match the hostname. This latter option is not recommended, but allowed. See second paragraph on https://tools.ietf.org/html/rfc2818#page-5 -- You are receiving this because you commented. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/841#issuecomment-433057918 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1