What is the security advantage of requiring the CN to be in the SAN list?

For quite a while, it has been common that the CN of a web server certificate also needs to be present in the SAN list, and new versions of browsers enforce this. So, if my CN is www.example.com, and the SAN has only example.com, browsers … Continue reading What is the security advantage of requiring the CN to be in the SAN list?

Ramifications of including "localhost" in the subject alternative field of an x509 certificate?

Are we inviting any problems if we add localhost and 127.0.0.1 to the subject alternative name field of an x509 certificate?
We are still trusting the appropriate root CA, but relaxing the rules of the name just a bit.

Continue reading Ramifications of including "localhost" in the subject alternative field of an x509 certificate?