SSL certificate domain

1
votes

every ssl certificate has assigned domain name or host. But my question. How does browser know the domain of that certificate.

when i init ssl handshake, the browser sends oscp request to CA and in response is something. Is there the domain name for that this certificat is valid for. Or how does borwser recognize that this certificate is valid for that domain. From where does it know it?

thx

2
sslssl-certificate
The domain is specified in the Subject of the certificate as the CN (Common Name) attribute. It must match the host being authenticated or else the authentication of the web server will fail. You can see a sample of a X.509 decoded certificate at en.wikipedia.org/wiki/X.509. - andrei m

2 Answers

0
votes

Domain name is stored in certificate itself, in Common Name field.

0
votes

The host name is stored in the Subject Alternative Name extension or, if the S.A.N. extension isn't present, the Common Name entry in the Subject DN is used. See RFC 2818.