services/Certificate-Authority.md
... ...
@@ -56,12 +56,12 @@ The following sites have been set up to demonstrate the CA failing to sign arbit
56 56
57 57
They all use the same certificate, that should be regarded invalid by whatever software you use because of
58 58
```
59
- Subject: CN=badkey.sour.is
60
-[...]
61 59
X509v3 Subject Alternative Name:
62
- DNS:badkey.sour.is, DNS:badkey.xuu.me, DNS:badkey.xuu.dn42, DNS:*
60
+ DNS:badkey.internal.dn42, DNS:badkey.sour.is, DNS:badkey.xuu.me, DNS:google.com, DNS:*.com, DNS:*.*
61
+
63 62
64 63
```
64
+even though the subject says `CN=badkey.internal.dn42`, which would be allowed.
65 65
66 66
## Importing the certificate
67 67