| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by edsouza 3010 days ago

The certificate "Common Name" is: dns.cloudflare.com.

There is a certificate extension - Certificate Subject Alternative Name that lists the following:

  DNS Name: *.dns.cloudflare.com
  DNS Name: dns.cloudflare.com
  IP Address: 1.1.1.1
  IP Address: 1.0.0.1

Most likely the extension was included as part of the certificate signing request.

1 comments

prdonahue 3010 days ago

Most CAs ignore the subjectAltName extension when parsing CSRs (as it's a pain[1] for users to generate one properly). They just extract the public key, CN, and let you fill in SANs.

1 - Before Cloudflare I used to do this with OpenSSL and it requires half a dozen steps, but with cfssl you can do this quite easily: https://github.com/cloudflare/cfssl/wiki/Creating-a-new-CSR.

link

silverwind 3010 days ago

You can generate SAN CSRs with a openssl one-liner, not that hard.

link

prdonahue 3010 days ago

With a default install/config? Do tell.

link