Fraudulent certificates in the wild — again

Posted Jan 20, 2013 22:46 UTC (Sun) by cortana (subscriber, #24596)
In reply to: Fraudulent certificates in the wild — again by giraffedata
Parent article: Fraudulent certificates in the wild — again

> I couldn't tell from the startssl.com certificate just what its $60 product is, but as the description includes the phrase "organization validation," I presume that product has both the CN and O field filled in, whereas the free product has only CN (like lwn.net)

That is correct. They (in my case) also filled in E, L, ST and C.


Fraudulent certificates in the wild — again

Posted Jan 21, 2013 16:10 UTC (Mon) by Jonno (subscriber, #49613)

> I couldn't tell from the startssl.com certificate just what its $60 product is, but as the description includes the phrase "organization validation," I presume that product has both the CN and O field filled in, whereas the free product has only CN (like lwn.net)

Actually, both individual validation ($60) and organizational validation ($60+$60) will include O, L, ST, C and emailAddress, but for individual validation, O will contain the name of the individual validated, not the organization for which the individual works. I.e. for lwn.net the difference is whether it would contain "O=Jonathan Corbet" or "O=Eklektix, Inc.".

A free certificate from StartSSL will only contain CN, C and emailAddress.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.