GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » Product Feedback » Kerio Connect Feedback » Feature Request: SSL/TLS certificates with SAN (Allow creation and use of certificates with SAN entries)
Feature Request: SSL/TLS certificates with SAN [message #151852] Wed, 08 June 2022 14:41
bfmjh
Messages: 1
Registered: June 2022
Hello,

some current web browsers like Firefox and Edge have implemented stricter policies regarding the association of certificates with a domain. Using Common Name (CN) to identify the Server has been deprecated since 2000 (RFC2818 https://datatracker.ietf.org/doc/html/rfc2818#section-3.1), and browsers now seem to start to enforce this.

Entries in the Common Name (CN) field are no longer accepted, only domain entries in Subject Alternative Names (SAN). This means that when connectiong to a server using a SSL/TLS certificate without SANs, the connection is marked as unsafe by the browser (because there is no match in the certificate to the FQDN) and users have to create an exception to be able to connect.

Kerio Connect should include the fully qualified domain name (FQDN) in the SAN field when generating a Certificate Signing Request (CSR). Ideally, it should also be possible to add several entries to be able to connect with different FQDNs or IP addresses associated with the server (in the CSR creation dialogue in the admin interface).

Kind Regards
Previous Topic: Use (+) to create unlimited siblings of your email address
Next Topic: Kerio support Iphone 13
Goto Forum:
  


Current Time: Wed Oct 05 08:26:44 CEST 2022

Total time taken to generate the page: 0.02084 seconds