What is the SSL Certificate Common Name?

  • 7,000
  • Tác giả: admin
  • Ngày đăng:
  • Lượt xem: 7
  • Tình trạng: Còn hàng
  • commonName format
  • Common Name vs Subject Alternative Name

The Common Name (AKA CN) represents the server name protected by the SSL certificate. The certificate is valid only if the request hostname matches the certificate common name. Most trang web browsers display a warning message when connecting đồ sộ an address that does not match the common name in the certificate.

In the case of a single-name certificate, the common name consists of a single host name (e.g. example.com, www.example.com), or a wildcard name in case of a wildcard certificate (e.g. *.example.com).

The common name is technically represented by the commonName field in the X.509 certificate specification.

commonName format

The common name is not a URL. It doesn’t include any protocol (e.g. http:// or https://), port number, or pathname. For instance, https://example.com or example.com/path are incorrect. In both cases, the common name should be example.com.

It must precisely match the server name where the certificate is installed. If the certificate is issued for a subdomain, it should be the full subdomain. For instance, for the www and api subdomains of example.com, the common name will be www.example.com or api.example.com, and not example.com.

Example of host name mismatch error on Google Chrome

Example of host name mismatch error on Google Chrome

Example of host name mismatch error on Google Safari

Example of host name mismatch error on Google Safari

Common Name vs Subject Alternative Name

The common name can only contain up đồ sộ one entry: either a wildcard or non-wildcard name. It’s not possible đồ sộ specify a list of names covered by an SSL certificate in the common name field.

The Subject Alternative Name extension (also called Subject Alternate Name or SAN) was introduced đồ sộ solve this limitation. The SAN allows issuance of multi-name SSL certificates.

The ability đồ sộ directly specify the nội dung of a certificate SAN depends on the Certificate Authority and the specific product. Most certificate authorities have historically marketed multi-domain SSL certificates as a separate product. They’re generally charged at a higher rate phàn nàn a standard single-name certificate.

On the technical side, the SAN extension was introduced đồ sộ integrate the common name. Since HTTPS was first introduced in 2000 (and defined by the RFC 2818), the use of the commonName field has been considered deprecated, because it’s ambiguous and untyped.

The CA/Browser Forum has since mandated that the SAN would also include any value present in the common name, effectively making the SAN the only required reference for a certificate match with the server name. The notion of the common name survives mostly as a legacy of the past. There are active discussions đồ sộ remove its use from most browsers and interfaces.