How To Change Common Name In Ssl Certificate

What is the SSL Certification Common Name?

commonName format
Common Name vs Dependent Alternative Name

The Common Bring up (AKA CN) represents the server name protected by the SSL certification. The security is valid but if the request hostname matches the certificate common name. Well-nig web browsers showing a warning message when connecting to an address that does not match the common name in the certificate.

In the case of a unique-name certificate, the plebeian name consists of a one-member server name (e.g. example.com, www.example.com), Oregon a wildcard name in subject of a wildcard certificate (e.g. *.example.com).

The common name is technically represented by the commonName field in the X.509 certificate stipulation.

commonName arrange

The general gens is not a Universal resource locator. It doesn't let in any communications protocol (e.g. http:// surgery https://), port number, or pathname. For example, https://example.com or example.com/path are incorrect. In both cases, the democratic nominate should be example.com.

It must precisely match the server name where the certificate is installed. If the certificate is issued for a subdomain, information technology should be the full subdomain. For instance, for the www and api subdomains of example.com, the shared name leave exist www.example.com Beaver State api.model.com, and non example.com.

Example of host name mismatch erroneousness on Google Chromium-plate

Example of host name mismatch error on Google Chrome

Example of boniface name mismatch wrongdoing on Google Safari

Example of host name mismatch error on Google Safari

Common Name vs Depicted object Alternative Cite

The common advert potty only arrest capable one entry: either a wildcard operating room not-wildcard name. IT's non potential to pin down a list of name calling muffled by an SSL certificate in the common name field.

The Subject Alternative Describ extension (also called Taxable Take turns Name Oregon SAN) was introduced to solve this restriction. The SAN allows issuance of multi-name SSL certificates.

The ability to straight specify the content of a security SAN depends on the Certificate Authorisation and the specific production. Most certificate authorities have historically marketed multi-domain SSL certificates as a separate product. They'rhenium generally charged at a higher rate than a standard 1-name certification.

On the technical side, the SAN extension was introduced to integrate the grassroots name. Since HTTPS was maiden introduced in 2000 (and defined by the RFC 2818), the habituate of the commonName field has been considered deprecated, because IT's polysemous and untyped.

The CA/Browser Meeting place has since mandated that the SAN would also let in whatever value present in the common name, efficaciously qualification the SAN the only required reference for a certificate match with the server name. The notion of the common name survives mostly equally a legacy of the past. Thither are active discussions to remove its use from most browsers and interfaces.