[Freeipa-devel] [freeipa PR#228][comment] cert-request: allow directoryName in SAN extension
tiran
freeipa-github-notification at redhat.com
Tue Nov 29 10:42:46 UTC 2016
URL: https://github.com/freeipa/freeipa/pull/228
Title: #228: cert-request: allow directoryName in SAN extension
tiran commented:
"""
@jcholast I'm not familiar with any standard that mandates that a X.509 Subject DN should identify a subject in a directory. Which standard mandates the relationship? RFC 5280 only requires that the Subject DN must be unique for each entity. A CA is allowed to issue multiple certs with the same Subject DN for the same entity. https://tools.ietf.org/html/rfc5280#section-4.1.2.6
"""
See the full comment at https://github.com/freeipa/freeipa/pull/228#issuecomment-263536634
More information about the Freeipa-devel
mailing list