Email or username:

Password:

Forgot your password?
Top-level
Sebastian Lauwers

@nblr Private CAs are still very clearly needed. I'm just appalled when I see people in charge of private CAs who don't know the first thing about certificates.

I had one argue to me that they couldn't issue a client cert without a domain name! This client cert was intended for an external party, and the CA person was happy to issue it with a cn=$external.DONOTUSE.$clientcompany.com. No way that could be abused.

1 comment
~n

@teotwaki uuhm. uhm. I mean... technically (as in X.509 words on imaginary paper) you can even issue one without a CN, not sure if there's any implementation who would find that funny, but implying that there's any structure to what's in a CN? That sounds like someone who only ever suffered a single vendor's implementation and idea how to do things. lel. There is an abundance of other details of that spec one might want to argue over, this isn't one of them.

Go Up