Discuss this help topic in SecureBlackbox Forum

TElX509CertificateValidator.SkipSubjectNameIfAltNameExists

TElX509CertificateValidator     


Filter: C#  VB.NET  Pascal  C++  PHP  Java  


Specifies whether to check the SubjectName.CommonName if SubjectAltName extension is present.

Declaration

[C#]
    bool SkipSubjectNameIfAltNameExists;

[VB.NET]
    Property SkipSubjectNameIfAltNameExists As Boolean

[Pascal]
    property SkipSubjectNameIfAltNameExists : boolean;

[C++]
    bool get_SkipSubjectNameIfAltNameExists();
    void set_SkipSubjectNameIfAltNameExists(bool Value);

[PHP]
    bool get_SkipSubjectNameIfAltNameExists()
    void set_SkipSubjectNameIfAltNameExists(bool $Value)

[Java]
    boolean getSkipSubjectNameIfAltNameExists();
    void setSkipSubjectNameIfAltNameExists(boolean Value);

Description

    The RFC 6125 requires that SubjectAltName (SAN) extension should be checked if it is present, and if it is, then SubjectName.CommonName (CN) should not be checked. This contradicts to some existing certificates where, for instance, a.com is put in CN and www.a.com is put to SAN. Therefore, the new behavior is the default option in SecureBlackbox, which can be disabled if the old way of checking both SAN and CN is needed. The default value is True.

Discuss this help topic in SecureBlackbox Forum