通配符证书名称的格式是什么? [英] What is the format of wildcard certificate name?
问题描述
我正在编写SSL证书的验证,我想知道具有通配符的证书名称的格式。从 RFC 2818 :
I'm writing validation of SSL certificates and I'd like to know the format of certificate names with wildcards. From the RFC 2818:
名称可以包含通配符*,这被认为是
匹配任何单个域名组件或组件片段。例如,
.a.com与foo.a.com匹配,但不与bar.foo.a.com匹配。 f .com与foo.com但不匹配bar.com。
Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., .a.com matches foo.a.com but not bar.foo.a.com. f.com matches foo.com but not bar.com.
通配符可能出现在中间的名字?还可以在一个名称中使用其中几个?
Is it possible for the wildcard character to appear in the middle of the name? Also can I use a few of them in one name?
hello.*.a.com
*.*.a.com
我明白这可能不是实用的,但我想知道什么是技术上可能。
I understand that it may not be practically useful, but I want to know what is technically possible.
推荐答案
我建议您使用较新的 RFC 6125 而不是RFC 2818.此RFC使通配符处理更清晰。基本上它意味着:
I recommend you use the newer RFC 6125 instead of RFC 2818. This RFC make wildcard handling more clear. Essentially it means:
- 只有最左边的标签,例如
*。example.com但不是www。*。com。这隐含地排除了多个通配符,例如*。*。example.com。 - 通配符标签只能与单个标签匹配,即
*。example.com将匹配www.example.com,但不匹配sub.www .example.com。 - 如果通配符不是完整标签(即
w * .example.com)它不应该出现在IDNA标签内。
- Only left-most labels, i.e.
*.example.combut notwww.*.com. This implicitly excludes multiple wildcards like*.*.example.com. - A wildcard label can be matched only against a single label, i.e.
*.example.comwill matchwww.example.combut notsub.www.example.com. - If the wildcard is not the full label (i.e.
w*.example.com) it should not occur inside IDNA labels.
这就是今天浏览器中实现的内容。除此之外,你会发现更多的限制,如没有通配符的顶级和二级(即没有 * 或 *。com )和有时更多的限制,如 *。co.uk 没有通配符。
That's about what is implemented in the browsers today. Apart from that you'll find more restrictions like no wildcards for top-level and second-level (i.e. no * or *.com) and sometimes more restrictions like no wildcards for *.co.uk.
请参阅 CAB基线要求,第3.2.2.6节。
Also have a look at CAB Baseline Requirements, section 3.2.2.6.
这篇关于通配符证书名称的格式是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
