Medium
The RFC6125 (https://tools.ietf.org/html/rfc6125) recommends
Move away from including and checking strings that look like
domain names in the subject's Common Name.
o Move toward including and checking DNS domain names via the
subjectAlternativeName extension designed for that purpose:
dNSName.
o Move toward including and checking even more specific
subjectAlternativeName extensions where appropriate for using the
protocol (e.g., uniformResourceIdentifier and the otherName form
SRVName).
o Move away from the issuance of so-called wildcard certificates
(e.g., a certificate containing an identifier for
"*.example.com").
So add that field in the request, and suggest people to use the system hostname in there.
Move away from including and checking strings that look like
domain names in the subject's Common Name.
o Move toward including and checking DNS domain names via the
subjectAlternativeName extension designed for that purpose:
dNSName.
o Move toward including and checking even more specific
subjectAlternativeName extensions where appropriate for using the
protocol (e.g., uniformResourceIdentifier and the otherName form
SRVName).
o Move away from the issuance of so-called wildcard certificates
(e.g., a certificate containing an identifier for
"*.example.com").
So add that field in the request, and suggest people to use the system hostname in there.
