Compatibility testing of No Common Name

This was covered briefly in the other thread that spawned this compatibility testing thread:

We originally thought to do this by copying the serial number field into the subject, but it’s been suggested that the Baseline Requirements would term this “Subject Identity Information,”

Subject Identity Information: Information that identifies the Certificate Subject. Subject Identity Information does not include a domain name listed in the subjectAltName extension or the Subject commonName field.

Since Let’s Encrypt uses the CA/Browser Forum domain-validated OID ( in its certificates, the certificates are not supposed to have Subject Identity Information

1 Like