RFC 2818 describes two methods to match a domain name against a certificate - using the available names within the subjectAlternativeName extension, or, in the absence of a SAN extension, falling back to the commonName. The fallback to the commonName was deprecated in RFC 2818 (published in 2000), but support still remains in a number of TLS clients, often incorrectly.

Documentation

• https://tools.ietf.org/html/rfc2818
• https://cabforum.org/baseline-requirements-documents/

Specification

Specification link

Status: Final published standard: Recommendation, Living Standard, Candidate Recommendation, or similar final form

Status in Chromium

Blink components: Internals>Network>Certificate

Implementation status: Removed (tracking bug)

Consensus & Standardization

• Firefox: Negative
• Edge: No signal
• Safari: No signal
• Web Developers: No signals

Owner

• rsleevi@chromium.org

Comments

Firefox has removed support in Firefox 48 (meaning "Supports removal")

Last updated on 2021-09-03