Discuss this help topic in SecureBlackbox Forum
TElX509CertificateValidator.IgnoreCAKeyUsage
Specifies whether to check the SubjectName.CommonName if SubjectAltName extension is present.
Declaration
Description
The RFC 6125 requires that SubjectAltName (SAN) extension should be checked if it is present, and if it is, then SubjectName.CommonName (CN) should not be checked. This contradicts to some existing certificates where, for instance, a.com is put in CN and www.a.com is put to SAN. Therefore, the new behavior is the default option in SecureBlackbox, which can be disabled if the old way of checking both SAN and CN is needed. The default value is True.