DOLAdmin
asked on
SSL Certificate Question
I'm told by a commercial CA that just because a CSR might contain email address information (because the server process needed to create the CSR requires an admin's email address entry amongst other things), that the email address will not appear to the outside world in the certificate after they've signed it. Our security Chief has concerns and says (paraphrasing): "the CA doesn't care - it will"
1) Is this true?
2) Even if it did, what's the risk or threat?
Thanks.
1) Is this true?
2) Even if it did, what's the risk or threat?
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks!
ASKER
Just making sure its a common thing (using valid email addresses in CSR's) for most who deploy servers in DMZ's. Trying to pass a company security scan for a server...
Thanks.