> IMHO if you want to use multiple email addresses within the same
> certificate you should use multiple subjectAltName extensions. This
> ensures usability with available clients (i.e. Mozilla, Thunderbird,
> etc...). I guess you are able to use the certificate because the same
> addresses are also reported in the subjectAltName extension.
>
> Multiple emailAddress, anyway, within the DN should be avoided as this
> format is against the standard and does not add any value over the
> subjAltName extension usage :-D
> 
> -- 
> 
> C'you,
> 
>       Massimiliano Pala
> 

Well, putting multiple email addresses (or even one address) in both
places maximizes compatibility with both new and older certificate
parsers (email clients in this case). Putting them in the DN isn't
"against" the standard. The standard has been modified, subject alt name
has been added and there is a wish to move such information to the new
extension. Until legacy applications are gone, it is wise to code this
information in both locations. Wouldn't you agree? That's exactly what
the CA I used has done.

-lee
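
What "both locations" looks like in an OpenSSL request configuration, as an added example that is not part of the original messages or of the CA's actual setup. The section names, the common name and the addresses are constructed placeholders.

```ini
# openssl.cnf fragment (constructed example; names and addresses are placeholders)
[ req ]
prompt             = no
distinguished_name = subject_dn
req_extensions     = v3_email

[ subject_dn ]
CN             = Example User
# A numeric prefix lets the same attribute type appear more than once in the DN.
0.emailAddress = user@example.com
1.emailAddress = user.alias@example.com

[ v3_email ]
# email:copy adds every emailAddress found in the subject DN to subjectAltName,
# so legacy parsers (DN) and newer parsers (SAN) see the same set of addresses.
# The result is one subjectAltName extension holding one rfc822Name per address.
subjectAltName   = email:copy
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = emailProtection
```

A CA that does not copy extensions from the request needs the same `subjectAltName` line in the extension section it signs with.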
