You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
"Each identity in identities list MUST contain country (C), state or province (ST), and organization (O) RDNs. All other RDNs are optional. The minimal possible value is x509.subject: C=${country}, ST=${state}, O={organization},"
Not all identities will have a state/province value unless the identity is in the US or Canada, so the ST or S value need to NOT be required. The minimum subject DN fields should be CN=, O=, L=, C=. Signing certs commonly use these values as the minimum for subject DN.
The text was updated successfully, but these errors were encountered:
Hi Ian -
As per BR of cabforum- Section 7.1.4.2, should it be either C=${country}, ST=${state}, O={organization} Or C=${country}, L=${localityName}, O={organization} ? Why do we need CN?
CN and O field values are commonly the same values, but there are many cases where a legal tradename or "dba" (doing business as) name can be placed in the O field while the CN value remains to the be legal organization or individual name. That said, we could allow for the minimum to exclude CN as @priteshbandi recommends.
@priteshbandi I checked the section 7.1.4.2.2 in specification, it seems commonName is a required field for both EV and non-EV Code Signing Certificates. Would you mind checking it again?
Currently in the Trust Store and Trust Policy Specification in the Trusted Identities Constraints section there is a minimum field requirement on x.509 cert subject DN values stated as:
"Each identity in identities list MUST contain country (C), state or province (ST), and organization (O) RDNs. All other RDNs are optional. The minimal possible value is
x509.subject: C=${country}, ST=${state}, O={organization}
,"Not all identities will have a state/province value unless the identity is in the US or Canada, so the
ST
orS
value need to NOT be required. The minimum subject DN fields should beCN=
,O=
,L=
,C=
. Signing certs commonly use these values as the minimum for subject DN.The text was updated successfully, but these errors were encountered: