我最近发现了一些东西,这些东西对我自以为了解的有关 TLS 的一切提出了质疑。
本网站https://int.lyve-lyon.alpha.grandlyon.com使用 TLS 进行保护,但证书实际上是颁发给 rec.lyve-lyon.alpha.grandlyon.com。
服务器如何提交为不同主机颁发的证书,以及浏览器如何不抛出 TLS 错误?看起来证书的行为就像通配符证书,我不明白为什么。
最佳答案
Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field. These values are called Subject Alternative Names (SANs). Names include:
- Email addresses
- IP addresses
- URIs
- DNS names (this is usually also provided as the Common Name RDN within the Subject field of the main certificate.)
- directory names (alternative Distinguished Names to that given in the Subject)
- other names, given as a General Name: a registered[3] object identifier followed by a value
关于http - 为什么 TLS 允许将证书颁发给不同的子域?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53482742/