421d80b6f0e076c57b809cd8189df282f46a6bf3
services/Certificate-Authority.md
... | ... | @@ -56,12 +56,12 @@ The following sites have been set up to demonstrate the CA failing to sign arbit |
56 | 56 | |
57 | 57 | They all use the same certificate, that should be regarded invalid by whatever software you use because of |
58 | 58 | ``` |
59 | - Subject: CN=badkey.sour.is |
|
60 | -[...] |
|
61 | 59 | X509v3 Subject Alternative Name: |
62 | - DNS:badkey.sour.is, DNS:badkey.xuu.me, DNS:badkey.xuu.dn42, DNS:* |
|
60 | + DNS:badkey.internal.dn42, DNS:badkey.sour.is, DNS:badkey.xuu.me, DNS:google.com, DNS:*.com, DNS:*.* |
|
61 | + |
|
63 | 62 | |
64 | 63 | ``` |
64 | +even though the subject says `CN=badkey.internal.dn42`, which would be allowed. |
|
65 | 65 | |
66 | 66 | ## Importing the certificate |
67 | 67 |