Discuss this help topic in SecureBlackbox Forum

TElX509CertificateValidator.IgnoreCAKeyUsage

TElX509CertificateValidator     


Filter: C#  VB.NET  Pascal  C++  PHP  Java  


Specifies whether to check the SubjectName.CommonName if SubjectAltName extension is present.

Declaration

[C#]
    bool IgnoreCAKeyUsage;

[VB.NET]
    Property IgnoreCAKeyUsage As Boolean

[Pascal]
    property IgnoreCAKeyUsage : boolean;

[C++]
    bool get_IgnoreCAKeyUsage();
    void set_IgnoreCAKeyUsage(bool Value);

[PHP]
    bool get_IgnoreCAKeyUsage()
    void set_IgnoreCAKeyUsage(bool $Value)

[Java]
    boolean getIgnoreCAKeyUsage();
    void setIgnoreCAKeyUsage(boolean Value);

Description

    The RFC 6125 requires that SubjectAltName (SAN) extension should be checked if it is present, and if it is, then SubjectName.CommonName (CN) should not be checked. This contradicts to some existing certificates where, for instance, a.com is put in CN and www.a.com is put to SAN. Therefore, the new behavior is the default option in SecureBlackbox, which can be disabled if the old way of checking both SAN and CN is needed. The default value is True.

Discuss this help topic in SecureBlackbox Forum