tls article: fix SAN wording
cu committed Dec 7, 2023
1 parent 8a24ee5 commit 6636ae3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion content/filling-in-the-gaps-tls.md
Expand Up @@ -118,7 +118,7 @@ A cert has many bits of information, but these are the most important ones:
* Side-note: The subject contains a CN (CommonName) attribute. Once upon a time, this was used to specify the domain that the certificate was created for. In modern times, the CN attribute is largely ignored by TLS clients, which only look at the Subject Alternative Name (SAN) if it exists. See below. (But note that some "legacy" software may still try to validate the CN.)
* **Validity**: When the certificate is valid.
* **X509 Extensions**:
* **Subject Alternative Name** (a.k.a. SAN): In an end-entity certificate for HTTPS, this contains one or more DNS names and is what links the site security to the certificate. This can be an FQDN or a wildcard (e.g. `*.example.com`). It's important to know that wildcards do not include subdomains, so `*.example.com` will not work for `foo.bar.example.com`.
* **Subject Alternative Name** (a.k.a. SAN): In a leaf cert, this contains one or more DNS names and is what links the site security to the certificate. This can be an FQDN or a wildcard (e.g. `*.example.com`). It's important to know that wildcards do not include subdomains, so `*.example.com` will not work for `foo.bar.example.com`.
* **Key Usage**: Root and intermediate certs will say "Certificate Sign", leaf certs will say, "Digital Signature"
* **Basic constraints**: Root and intermediate certs will say "CA: True"
* **Extended Key Usage**: Leaf certs will say "TLS Web Server Authentication"
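Review bot: The closing sentence of the changed SAN line, "wildcards do not include subdomains", is imprecise, because `foo.example.com` is itself a subdomain of `example.com` and does match `*.example.com`. Since this commit is already fixing the SAN wording, consider stating the rule as "a wildcard matches exactly one DNS label, so `*.example.com` covers `foo.example.com` but not `foo.bar.example.com` or the bare `example.com`". If "leaf cert" is the wording being kept, it agrees with the "leaf certs" used in the Key Usage and Extended Key Usage lines, but dropping "for HTTPS" makes "contains one or more DNS names" read as true of every leaf cert; a short qualifier such as "for a web server" would keep the scope, since a SAN can also carry IP addresses and other name types.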