Support for commonName matching in Certificates

Support for commonName matching in Certificates (removed)

RFC 2818 describes two methods to match a domain name against a certificate - using the available names within the subjectAlternativeName extension, or, in the absence of a SAN extension, falling back to the commonName. The fallback to the commonName was deprecated in RFC 2818 (published in 2000), but support still remains in a number of TLS clients, often incorrectly.

Comments

Firefox has removed support in Firefox 48 (meaning "Supports removal")

Documentation

Specification

Established standard

Status in Chromium

Blink components: Internals>Network>Certificate

Removed (tracking bug) in:

Chrome for desktop release 58
Chrome for Android release 58
Chrome for iOS release 58
Android WebView release 58

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: Opposed
Edge: No public signals
Safari: No public signals
Web Developers: No signals

Owner

rsleevi@chromium.org

Last updated on 2017-06-14