Feature Request: SSL/TLS certificates with SAN [message #151852]
Wed, 08 June 2022 14:41
bfmjh
Messages: 1 Registered: June 2022
Hello,
Some current web browsers like Firefox and Edge have implemented stricter policies regarding the association of certificates with a domain. Using Common Name (CN) to identify the server has been deprecated since 2000 (RFC 2818, https://datatracker.ietf.org/doc/html/rfc2818#section-3.1), and browsers now seem to start to enforce this.
Entries in the Common Name (CN) field are no longer accepted, only domain entries in Subject Alternative Names (SAN). This means that when connecting to a server using an SSL/TLS certificate without SANs, the connection is marked as unsafe by the browser (because there is no match in the certificate to the FQDN) and users have to create an exception to be able to connect.
Kerio Connect should include the fully qualified domain name (FQDN) in the SAN field when generating a Certificate Signing Request (CSR). Ideally, it should also be possible to add several entries to be able to connect with different FQDNs or IP addresses associated with the server (in the CSR creation dialogue in the admin interface).
Kind Regards
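The matching behaviour described in the post above, as an added example that is not part of the original post or of Kerio Connect: a check that tells an administrator whether a certificate matches a name through SAN or only through the legacy CN. It assumes the certificate is given in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names, host names and sample certificates are constructed for illustration, and wildcard handling is limited to a whole left-most label.

```python
import ipaddress

def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # A wildcard covers exactly one label: *.example.com matches a.example.com only.
        head, _, tail = h.partition(".")
        return bool(head) and tail == p[2:]
    return p == h

def classify(cert, target):
    """Return 'san-match', 'cn-only' or 'no-match' for target (an FQDN or an IP)."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(target):
        want = ipaddress.ip_address(target)
        ok = any(kind == "IP Address" and _is_ip(v) and ipaddress.ip_address(v) == want
                 for kind, v in sans)
    else:
        ok = any(kind == "DNS" and _dns_match(v, target) for kind, v in sans)
    if ok:
        return "san-match"
    # Legacy fallback that SAN-only clients no longer perform.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if any(_dns_match(cn, target) for cn in cns):
        return "cn-only"   # the certificate a SAN-only browser flags as unsafe
    return "no-match"

# Constructed sample certificates (not taken from any real server).
LEGACY = {"subject": ((("commonName", "mail.example.com"),),)}
MODERN = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"),
                       ("DNS", "*.corp.example.com"),
                       ("IP Address", "192.0.2.10")),
}

if __name__ == "__main__":
    for name in ("mail.example.com", "imap.corp.example.com", "192.0.2.10"):
        print(name, classify(LEGACY, name), classify(MODERN, name))
```

A result of `cn-only` identifies certificates that need to be reissued with the FQDN (and any additional names or IP addresses) in the SAN field.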